Livuschka | 04.10.2013 14:10 | Code:
löMalwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.10.04.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]
04.10.2013 10:37:49
mbam-log-2013-10-04 (10-37-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339526
Laufzeit: 1 Stunde(n), 58 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 2
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 1196 -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> 288 -> Löschen bei Neustart.
Infizierte Speichermodule: 1
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 8
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Löschen bei Neustart.
Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8DF00197EE8C142&affID=121564&tsp=4982 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Löschen bei Neustart.
HKLM\SYSTEM\CurrentControlSet\Services\BitGuard|ImagePath (PUP.Optional.BitGuard.A) -> Daten: C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BitGuard.A) -> Bösartig: (c:\PROGRA~2\BitGuard\261694~1.246\{C16C1~1\BitGuard.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bösartig: (hxxp://search.conduit.com?SearchSource=10&CUI=UN17874549699435402&UM=2&ctid=CT2998365) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 23
C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\576BFFE2817E4DCF9E54705AEEBEEA00 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\65C0E6B37BFA4074ADFAAD360DC50EEF (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\C8216865C3A643A7B8C79102A5C48E86 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\CBEB78C81C534C22946A325791ED79BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BitGuard\2.6.1694.246 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BitGuard.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
Infizierte Dateien: 78
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> Löschen bei Neustart.
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Trustworthy\TrustworthyToolbarHelper1.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.PerformerSoft.A) -> Löschen bei Neustart.
C:\Users\user\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Local\Conduit\CT2998365\TrustworthyAutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\65C0E6B37BFA4074ADFAAD360DC50EEF\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\CBEB78C81C534C22946A325791ED79BB\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\Downloads\FreeYouTubeDownload_3.2.11.812.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\65C0E6B37BFA4074ADFAAD360DC50EEF\3596.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\65C0E6B37BFA4074ADFAAD360DC50EEF\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\OpenCandy\C8216865C3A643A7B8C79102A5C48E86\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Löschen bei Neustart.
(Ende) AdwCleaner Logfile: Code:
# AdwCleaner v3.006 - Report created 04/10/2013 at 14:36:23
# Updated 01/10/2013 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Softonic
Folder Deleted : C:\Program Files\Trustworthy
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\users\user\AppData\Local\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\users\user\AppData\LocalLow\PriceGong
Folder Deleted : C:\users\user\AppData\LocalLow\Softonic
Folder Deleted : C:\users\user\AppData\LocalLow\Trustworthy
Folder Deleted : C:\users\user\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\users\user\AppData\Roaming\pdfforge
Folder Deleted : C:\users\user\AppData\Roaming\Searchprotect
Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\ConduitCommon
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Smartbar
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\CT1098640
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\ffxtlbra@softonic.com
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\{ad32743c-16ef-46ec-977b-dce0c3c85b20}
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\\invalidprefs.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\bprotector_extensions.sqlite
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\bprotector_prefs.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\searchplugins\Conduit.xml
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\searchplugins\softonic.xml
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\user.js
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BitGuard
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oajkkjlecihlfaoeochgpicehlcfhlhh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6BE3AB9-EE8F-4282-8D6C-17C8C0290B65}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6BE3AB9-EE8F-4282-8D6C-17C8C0290B65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Deleted : HKCU\Software\ee8a8fb438ba12
Key Deleted : HKLM\SOFTWARE\ee8a8fb438ba12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2998365
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7D5016-8AB5-446B-BADC-1B2C069E3841}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7D5016-8AB5-446B-BADC-1B2C069E3841}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD32743C-16EF-46EC-977B-DCE0C3C85B20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FF7D5016-8AB5-446B-BADC-1B2C069E3841}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B7AF873-AE3F-4D9E-A0C2-803CAF27BDA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45840F23-9E4B-4CCC-97C5-013947D26618}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B15001B-38B8-4C52-BDEE-A3AF6A3CE43A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4C7D1A5-97BD-409D-9182-E4F8588CA081}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{AD32743C-16EF-46EC-977B-DCE0C3C85B20}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Trustworthy
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Trustworthy
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Softonic
Key Deleted : HKLM\Software\Trustworthy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trustworthy Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trustworthy Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16506
-\\ Mozilla Firefox v15.0.1 (de)
[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=E8DF00197EE8C142&affID=121564&tsp=4982");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "free-downloads.net Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "free-downloads.net Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13,hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "free-downloads.net Customized Web Search,free-downloads.net Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/5747/5719/DE", "\"0\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1098640", "\"1361884752\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT1098640", "b5I8zzzMgsg0XG/fawLlFw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT1098640", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT1098640", "I1tfz7EBg4DmNytL9x55lQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT1098640", "ZI41WLbm1fFgx4gn0bs99Q==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"73ccf369b586ce1:0\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"2a1a0d7b586ce1:0\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1098640", "\"9971ee9815a5fc569766cf6ddcaaca8e\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1098640/CT1098640", "\"ff2166cf607ef66ea9e3a4ff1ec076133\");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"c0f486875a69738d57a17be59b5ea6dd\");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Sep 25 2013 08:01:40 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "fbb11f16-3b58-4b0a-b405-579808f1dc0f");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1098640");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\60jrzfe8.default\\conduitCommon\\modules\\3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Sep 25 2013 08:01:15 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Sep 25 2013 08:01:14 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 25 2013 08:01:09 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "335864fd-b0a6-4e2b-9929-02fe3cfd6f4c");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt3&mntrId=E8DF00197EE8C142&affID=121564&tsp=4982");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "free-downloads.net Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1098640");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1098640");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1098640");
Line Deleted : user_pref("CT1098640..clientLogIsEnabled", false);
Line Deleted : user_pref("CT1098640..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1098640..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT1098640.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1098640.alertChannelId", "5747");
Line Deleted : user_pref("CT1098640.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_couponbuddy", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_easytobook", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_etoro", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_pricegong", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstate_windowshopper", "6F6666");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_appstatereporttime", "31333830303838383835313431");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_calledsetupservice", "31");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A2265546F726F222C22637269746572696173223A5B7B2263726974657269614964223A2233643539316638662D64[...]
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_currentversion", "312E31302E342E30");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_eventscache", "7B2261653430356562372D643636392D343933322D383461632D656234633334383165346136223A7B22746F706963223A2273656E645573616765222C2264617461223A7B2263[...]
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_gadgetopen", "30");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_lastlogintime", "31333830303838383836313232");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E742D52696368746C696E6965227D2C226761646765744465736372697074696F6[...]
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_mamenabled", "66616C7365");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_settings1.10.4.0", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2234365F30222C22697354657374223[...]
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_user_approval_interacted", "30");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_userid", "30323838366166372D613664362D346463352D623039342D633339343862643935626463");
Line Deleted : user_pref("CT1098640.backendstorage.mam_gk_welcomedialogmode", "30");
Line Deleted : user_pref("CT1098640.BrowserCompStateIsOpen_130040840288261367", true);
Line Deleted : user_pref("CT1098640.BrowserCompStateIsOpen_130063583522274916", true);
Line Deleted : user_pref("CT1098640.CommunitiesChangesLastCheckTime", "Wed Sep 25 2013 08:00:54 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT1098640");
Line Deleted : user_pref("CT1098640.CommunityChanged", true);
Line Deleted : user_pref("CT1098640.components.1000234", true);
Line Deleted : user_pref("CT1098640.ConfigurationLastCheckTime", "Wed Sep 25 2013 08:00:56 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.countryCode", "DE");
Line Deleted : user_pref("CT1098640.CT1098640", "CT1098640");
Line Deleted : user_pref("CT1098640.CT1098640.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1098640&octid=CT1098640&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_I[...]
Line Deleted : user_pref("CT1098640.CurrentServerDate", "25-9-2013");
Line Deleted : user_pref("CT1098640.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1098640.DialogsGetterLastCheckTime", "Wed Sep 25 2013 08:01:09 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.DownloadDomainsCheckInterval", "168");
Line Deleted : user_pref("CT1098640.DownloadDomainsListLastCheckTime", "Wed Sep 25 2013 08:01:42 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.DownloadDomainsListLastServerUpdateTime", "1201069983");
Line Deleted : user_pref("CT1098640.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1098640.DSInstall", true);
Line Deleted : user_pref("CT1098640.FirstServerDate", "25-9-2013");
Line Deleted : user_pref("CT1098640.FirstTime", true);
Line Deleted : user_pref("CT1098640.FirstTimeFF3", true);
Line Deleted : user_pref("CT1098640.FirstTimeHiddenVer", true);
Line Deleted : user_pref("CT1098640.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1098640.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1098640.globalFirstTimeInfoLastCheckTime", "Wed Sep 25 2013 08:01:10 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1098640.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1098640.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1098640.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Line Deleted : user_pref("CT1098640.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1098640.HomePageProtectorEnabled", true);
Line Deleted : user_pref("CT1098640.HPInstall", true);
Line Deleted : user_pref("CT1098640.initDone", true);
Line Deleted : user_pref("CT1098640.Initialize", true);
Line Deleted : user_pref("CT1098640.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1098640.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT1098640.InstallationType", "Unknown");
Line Deleted : user_pref("CT1098640.InstalledDate", "Wed Sep 25 2013 08:01:12 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.InvalidateCache", false);
Line Deleted : user_pref("CT1098640.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT1098640.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1098640.IsGrouping", false);
Line Deleted : user_pref("CT1098640.IsInitSetupIni", true);
Line Deleted : user_pref("CT1098640.IsMulticommunity", true);
Line Deleted : user_pref("CT1098640.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT1098640.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1098640.IsProtectorsInit", true);
Line Deleted : user_pref("CT1098640.LanguagePackLastCheckTime", "Wed Sep 25 2013 08:01:10 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1098640.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1098640.LastLogin_3.20.0.4", "Wed Sep 25 2013 08:01:42 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT1098640.Locale", "en-us");
Line Deleted : user_pref("CT1098640.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1098640.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1098640.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1098640.myStuffEnabled", true);
Line Deleted : user_pref("CT1098640.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1098640.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1098640.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1098640.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1098640.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1098640.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT1098640.OriginalFirstVersion", "3.20.0.4");
Line Deleted : user_pref("CT1098640.RadioIsPodcast", false);
Line Deleted : user_pref("CT1098640.RadioLastCheckTime", "Wed Sep 25 2013 08:01:06 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT1098640.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1098640.RadioMediaID", "4817804");
Line Deleted : user_pref("CT1098640.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1098640.RadioMenuSelectedID", "EBRadioMenu_CT10986404817804");
Line Deleted : user_pref("CT1098640.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1098640.RadioStationName", "Adult%20Alternative");
Line Deleted : user_pref("CT1098640.RadioStationURL", "hxxp://syndication.choiceradio.com/asxplay/asx-music/406.asx");
Line Deleted : user_pref("CT1098640.revertSettingsEnabled", true);
Line Deleted : user_pref("CT1098640.SavedHomepage", "hxxp://isearch.babylon.com/?babsrc=HP_ss_Btisdt3&mntrId=E8DF00197EE8C142&affID=121564&tsp=4982");
Line Deleted : user_pref("CT1098640.SearchAPILastCheckTime", "Wed Sep 25 2013 08:00:57 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.SearchCaption", "free-downloads.net Customized Web Search");
Line Deleted : user_pref("CT1098640.SearchEngineBeforeUnload", "free-downloads.net Customized Web Search");
Line Deleted : user_pref("CT1098640.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1098640.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
Line Deleted : user_pref("CT1098640.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1098640.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1098640.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT1098640.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT1098640&octid=CT1098640&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
Line Deleted : user_pref("CT1098640.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1098640.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1098640.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT1098640.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT1098640.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT1098640.ServiceMapLastCheckTime", "Wed Sep 25 2013 08:00:57 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.SettingsLastCheckTime", "Wed Sep 25 2013 08:00:57 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.SettingsLastUpdate", "1380006180");
Line Deleted : user_pref("CT1098640.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13");
Line Deleted : user_pref("CT1098640.testingCtid", "");
Line Deleted : user_pref("CT1098640.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1098640.ThirdPartyComponentsLastCheck", "Wed Sep 25 2013 08:00:53 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT1098640.toolbarAppMetaDataLastCheckTime", "Wed Sep 25 2013 08:01:09 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.toolbarContextMenuLastCheckTime", "Wed Sep 25 2013 08:01:10 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT1098640.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1098640.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1098640");
Line Deleted : user_pref("CT1098640.usagesFlag", 2);
Line Deleted : user_pref("CT1098640.UserID", "UN66814391811310845");
Line Deleted : user_pref("CT1098640.ValidationData_Toolbar", 1);
Line Deleted : user_pref("CT1098640.WeatherNetwork", "");
Line Deleted : user_pref("CT1098640.WeatherPollDate", "Wed Sep 25 2013 08:01:41 GMT+0200 (Central European Daylight Time)");
Line Deleted : user_pref("CT1098640.WeatherUnit", "C");
Line Deleted : user_pref("CT2998365.defaultSearch", "true");
Line Deleted : user_pref("CT2998365.enableAlerts", "true");
Line Deleted : user_pref("CT2998365.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2998365.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2998365.FirstTime", "true");
Line Deleted : user_pref("CT2998365.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2998365.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2998365.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2998365.fixUrls", true);
Line Deleted : user_pref("CT2998365.installId", "cidoc");
Line Deleted : user_pref("CT2998365.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT2998365.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2998365.lastVersion", "10.14.360.10");
Line Deleted : user_pref("CT2998365.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2998365.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.fernsehserien.de%2Fwenn-frauen-morden\",\"EB_MAIN_FRAME_TITLE\":\"Wenn%20Frauen%20morden%20bei%20fernsehserien.d[...]
Line Deleted : user_pref("CT2998365.openThankYouPage", "false");
Line Deleted : user_pref("CT2998365.openUninstallPage", "true");
Line Deleted : user_pref("CT2998365.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT2998365.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2998365.settingsINI", true);
Line Deleted : user_pref("CT2998365.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2998365.smartbar.CTID", "CT2998365");
Line Deleted : user_pref("CT2998365.smartbar.toolbarName", "Trustworthy ");
Line Deleted : user_pref("CT2998365.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2998365.startPage", "true");
Line Deleted : user_pref("CT2998365.UserID", "UN30975010023068419");
Line Deleted : user_pref("CT2998365_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1380088849404,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "e8df04fc00000000000000197ee8c142");
Line Deleted : user_pref("extensions.delta.instlDay", "15939");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.614:29:34");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4982");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbra@softonic.com:1.5.1,{ad32743c-16ef-46ec-977b-dce0c3c85b20}:10.14.360.10,wrc@avast.com:8.0.1483,{ecdee021-0d17-467f-a1ff-c7a115230949}:3.20.0.4,{b9db16a4-[...]
Line Deleted : user_pref("extensions.softonic.cntry", "DE");
Line Deleted : user_pref("extensions.softonic.cv", "cv5");
Line Deleted : user_pref("extensions.softonic.dfltSrch", true);
Line Deleted : user_pref("extensions.softonic.envrmnt", "production");
Line Deleted : user_pref("extensions.softonic.hdrMd5", "");
Line Deleted : user_pref("extensions.softonic.hmpg", true);
Line Deleted : user_pref("extensions.softonic.lastVrsnTs", "1.5.11.521:12:00");
Line Deleted : user_pref("extensions.softonic.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.softonic.newTab", true);
Line Deleted : user_pref("extensions.softonic.sg", "az");
Line Deleted : user_pref("extensions.softonic.smplGrp", "eng7");
Line Deleted : user_pref("extensions.softonic.tlbrId", "base");
Line Deleted : user_pref("extensions.softonic.vrsnTs", "1.5.11.521:12:00");
Line Deleted : user_pref("extensions.softonic_i.aflt", "SD");
Line Deleted : user_pref("extensions.softonic_i.dfltLng", "de");
Line Deleted : user_pref("extensions.softonic_i.dfltSrch", true);
Line Deleted : user_pref("extensions.softonic_i.dnsErr", true);
Line Deleted : user_pref("extensions.softonic_i.excTlbr", false);
Line Deleted : user_pref("extensions.softonic_i.hmpg", true);
Line Deleted : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=13&cc=");
Line Deleted : user_pref("extensions.softonic_i.id", "e8df04fc00000000000000219bdc9f93");
Line Deleted : user_pref("extensions.softonic_i.instlDay", "15392");
Line Deleted : user_pref("extensions.softonic_i.instlRef", "MON00016");
Line Deleted : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=2&cc=&q=");
Line Deleted : user_pref("extensions.softonic_i.newTab", true);
Line Deleted : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=15&cc=");
Line Deleted : user_pref("extensions.softonic_i.prdct", "softonic");
Line Deleted : user_pref("extensions.softonic_i.prtnrId", "softonic");
Line Deleted : user_pref("extensions.softonic_i.smplGrp", "eng7");
Line Deleted : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Line Deleted : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault_chrome");
Line Deleted : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00016/tb_v1?SearchSource=1&cc=&q=");
Line Deleted : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Line Deleted : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Line Deleted : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.521:12:00");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
-\\ Google Chrome v
[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [39713 octets] - [04/10/2013 14:30:23]
AdwCleaner[S0].txt - [39158 octets] - [04/10/2013 14:36:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39219 octets] ########## --- --- --- Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows Vista (TM) Business x86
Ran by user on 04.10.2013 at 14:48:26,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2263277548-4208689692-2039669879-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5076E0A2-5E19-4D6E-A618-6AD44E61B3F7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B03D037D-641C-4E9D-A63C-E290136E7EC1}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\user\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1DA7AC4A-B2B7-4A3F-A866-EBA5F1CC5F89}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2D44E492-C35D-4629-83E9-F8E1667D18C3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{57536DFB-BF65-4F90-982C-EEB726B595BC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7F3205BE-60CE-43CF-A05E-533F43C4E4DE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C9D0203D-3C12-4776-A61A-B242FE5E3E5C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F1191A25-10FE-41B1-AA0D-03D7AB53821E}
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.10.2013 at 14:58:51,52
End of JRT log
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by user (administrator) on USER-PC on 04-10-2013 15:05:27
Running from C:\Users\user\Downloads
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x00F6247E5ABBCC01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.2.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.2.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\60jrzfe8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?SearchSource=10&ctid=CT1098640
CHR RestoreOnStartup: "hxxp://www.google.de/", null, "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E8DF00197EE8C142&affID=121564&tsp=4982", "", "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [kheelobnibmchifldedamogdmhemfjio] - C:\Users\user\AppData\Local\CRE\kheelobnibmchifldedamogdmhemfjio.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 nicconfigsvc; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [390424 2008-02-22] (Dell Inc.)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289472 2013-07-12] (Skype Technologies S.A.)
S4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 HBtnKey; C:\Windows\System32\DRIVERS\HBtnKey.sys [11392 2009-10-30] (Dell Inc.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [92288 2007-05-30] (Novatel Wireless Inc.)
R3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [92288 2007-05-30] (Novatel Wireless Inc.)
R3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2007-05-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-02-22] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-10-28] (Samsung Electronics)
U3 aul2sedp; C:\Windows\System32\Drivers\aul2sedp.sys [0 ] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 STHDA; system32\drivers\stwrt.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 15:05 - 2013-10-04 15:05 - 01087213 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2013-10-04 14:58 - 2013-10-04 14:58 - 00001869 _____ C:\Users\user\Desktop\JRT.txt
2013-10-04 14:48 - 2013-10-04 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 14:47 - 2013-10-04 14:47 - 01030305 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-10-04 14:29 - 2013-10-04 14:37 - 00000000 ____D C:\AdwCleaner
2013-10-04 14:29 - 2013-10-04 14:29 - 01045226 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-10-04 10:33 - 2013-10-04 10:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-10-04 10:30 - 2013-10-04 10:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 10:30 - 2013-10-04 10:30 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-04 10:30 - 2013-10-04 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 10:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-04 10:26 - 2013-10-04 10:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-02 17:09 - 2013-10-02 17:09 - 00014878 _____ C:\ComboFix.txt
2013-10-02 16:25 - 2013-10-02 17:10 - 00000000 ____D C:\ComboFix
2013-10-02 16:23 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 16:23 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 16:23 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 16:23 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 16:23 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 16:23 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 16:23 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 16:23 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 16:21 - 2013-10-02 17:10 - 00000000 ____D C:\Qoobox
2013-10-02 16:21 - 2013-10-02 17:02 - 00000000 ____D C:\Windows\erdnt
2013-10-02 16:05 - 2013-10-02 16:06 - 05132885 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-09-30 20:07 - 2013-09-30 20:08 - 00022082 _____ C:\Users\user\Downloads\Addition.txt
2013-09-30 19:48 - 2013-09-30 19:48 - 00000000 ____D C:\FRST
2013-09-30 16:02 - 2013-09-30 16:02 - 00176211 _____ C:\Users\user\Downloads\planungvorbereitungauswertung (1)
2013-09-30 16:02 - 2013-09-30 16:02 - 00176211 _____ C:\Users\user\Downloads\planungvorbereitungauswertung
2013-09-29 17:05 - 2013-09-29 17:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-09-26 18:43 - 2013-09-26 18:43 - 01029120 _____ C:\Users\user\Downloads\7_Interkulturelle Aspekte - Hamburg- 2005.ppt
2013-09-25 15:03 - 2013-09-25 15:03 - 00028531 _____ C:\Users\user\Downloads\Cartes de rôle A+2 L2 S1 (1).odt
2013-09-21 14:50 - 2013-09-21 14:50 - 00000000 ____D C:\Users\user\Desktop\GrauerStick
2013-09-21 14:47 - 2013-09-21 14:47 - 39815485 _____ C:\Users\user\Downloads\1114343_996x560_VP6_928.flv
2013-09-20 10:14 - 2013-09-19 13:35 - 04148971 _____ C:\Users\user\Desktop\Mord an einem Pädophilen 15 Jähriger steht vor Gericht.wmv
2013-09-20 07:15 - 2013-09-20 07:15 - 00020763 _____ C:\Users\user\Downloads\2013-9-19_Ldn_Politik_Handout_Wahl-O-Mat.odt
2013-09-20 07:13 - 2013-09-20 07:13 - 00067602 _____ C:\Users\user\Downloads\Die Mörderin mit dem Madonnengesicht.pptx
2013-09-19 12:50 - 2013-09-19 12:50 - 00000000 ____D C:\Users\user\Desktop\Graftstatprodukt_8_Jugend
2013-09-18 13:21 - 2013-09-18 13:21 - 00021071 _____ C:\Users\user\Desktop\2013-9-17_Ldn_Politik_Handout-Wahl-O-Mat.odp
2013-09-16 16:31 - 2013-09-16 16:31 - 00025278 _____ C:\Users\user\Downloads\Checkliste Interro L2.odt
2013-09-16 07:59 - 2013-09-16 07:59 - 00000000 ____D C:\Users\user\Desktop\SchwarzerStick
2013-09-16 07:58 - 2013-09-16 08:01 - 00000000 ____D C:\Users\user\Desktop\RoterStick
2013-09-15 23:15 - 2013-09-15 23:16 - 02828552 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-14 16:56 - 2013-09-14 16:57 - 05943296 _____ C:\Users\user\Downloads\Geiselname von Gladbeck - ohne Video (1).ppt
2013-09-12 15:15 - 2013-09-22 13:14 - 00000000 ____D C:\Users\user\Documents\grafstat4
2013-09-12 07:15 - 2013-09-12 07:15 - 00000816 _____ C:\Users\Public\Desktop\grafstat4.lnk
2013-09-12 07:14 - 2013-09-12 07:15 - 00000000 ____D C:\Program Files\grafstat4
2013-09-12 07:12 - 2013-09-12 07:12 - 26012592 _____ C:\Users\user\Downloads\grafstat4-2013-4-276.zip
2013-09-12 06:51 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 06:51 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 06:51 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 06:51 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 06:51 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 06:51 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 06:51 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 06:51 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 06:51 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 06:51 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 06:51 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 06:51 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 06:51 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 06:51 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 06:51 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 06:51 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 08:01 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 08:01 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-09 08:10 - 2013-09-08 14:07 - 00018649 _____ C:\Users\user\Documents\ToDo_Bremen.doc_0.odt
2013-09-05 18:07 - 2013-09-05 18:07 - 00113054 _____ C:\Users\user\Downloads\Puzzle Fruits et légumes.odt
2013-09-05 17:59 - 2013-09-05 17:59 - 01266688 _____ C:\Users\user\Downloads\Fördern_durch_Aufgabenorientierung_Präsentation_Nordverbund_09 (2).ppt
2013-09-05 13:15 - 2013-09-05 13:15 - 22490505 _____ C:\Users\user\Downloads\YouTube_1378379219.mp4
==================== One Month Modified Files and Folders =======
2013-10-04 15:07 - 2011-12-08 13:52 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 15:05 - 2013-10-04 15:05 - 01087213 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2013-10-04 14:58 - 2013-10-04 14:58 - 00001869 _____ C:\Users\user\Desktop\JRT.txt
2013-10-04 14:48 - 2013-10-04 14:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 14:47 - 2013-10-04 14:47 - 01030305 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe
2013-10-04 14:45 - 2006-11-02 12:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 14:44 - 2008-01-21 03:39 - 01617937 _____ C:\Windows\WindowsUpdate.log
2013-10-04 14:40 - 2011-12-08 13:51 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 14:40 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 14:40 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:40 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:38 - 2011-11-25 07:32 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-04 14:38 - 2006-11-02 15:01 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-04 14:37 - 2013-10-04 14:29 - 00000000 ____D C:\AdwCleaner
2013-10-04 14:29 - 2013-10-04 14:29 - 01045226 _____ C:\Users\user\Downloads\adwcleaner.exe
2013-10-04 14:24 - 2006-11-02 15:00 - 00055274 _____ C:\Windows\PFRO.log
2013-10-04 14:09 - 2012-08-24 16:22 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2263277548-4208689692-2039669879-1000UA.job
2013-10-04 13:49 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-04 12:58 - 2012-07-25 11:01 - 00000000 ____D C:\Users\user\Documents\DaF
2013-10-04 11:35 - 2012-07-25 10:48 - 00000000 ____D C:\Users\user\Documents\Privat
2013-10-04 10:33 - 2013-10-04 10:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Malwarebytes
2013-10-04 10:31 - 2013-10-04 10:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 10:30 - 2013-10-04 10:30 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-04 10:30 - 2013-10-04 10:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-04 10:27 - 2013-10-04 10:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-04 10:09 - 2012-08-24 16:22 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2263277548-4208689692-2039669879-1000Core.job
2013-10-04 09:31 - 2006-11-02 12:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-04 09:07 - 2013-08-22 20:53 - 00004804 _____ C:\Windows\setupact.log
2013-10-02 17:10 - 2013-10-02 16:25 - 00000000 ____D C:\ComboFix
2013-10-02 17:10 - 2013-10-02 16:21 - 00000000 ____D C:\Qoobox
2013-10-02 17:10 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-02 17:10 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-10-02 17:09 - 2013-10-02 17:09 - 00014878 _____ C:\ComboFix.txt
2013-10-02 17:02 - 2013-10-02 16:21 - 00000000 ____D C:\Windows\erdnt
2013-10-02 17:00 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-02 16:06 - 2013-10-02 16:05 - 05132885 ____R (Swearware) C:\Users\user\Downloads\ComboFix.exe
2013-10-01 08:39 - 2012-01-22 22:00 - 00037888 _____ C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-30 23:10 - 2012-01-01 15:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2013-09-30 20:08 - 2013-09-30 20:07 - 00022082 _____ C:\Users\user\Downloads\Addition.txt
2013-09-30 19:48 - 2013-09-30 19:48 - 00000000 ____D C:\FRST
2013-09-30 16:02 - 2013-09-30 16:02 - 00176211 _____ C:\Users\user\Downloads\planungvorbereitungauswertung (1)
2013-09-30 16:02 - 2013-09-30 16:02 - 00176211 _____ C:\Users\user\Downloads\planungvorbereitungauswertung
2013-09-30 15:05 - 2012-03-04 00:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2013-09-29 17:06 - 2013-09-29 17:05 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2013-09-28 11:12 - 2011-12-15 12:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2013-09-26 18:43 - 2013-09-26 18:43 - 01029120 _____ C:\Users\user\Downloads\7_Interkulturelle Aspekte - Hamburg- 2005.ppt
2013-09-25 15:03 - 2013-09-25 15:03 - 00028531 _____ C:\Users\user\Downloads\Cartes de rôle A+2 L2 S1 (1).odt
2013-09-23 20:28 - 2012-08-17 12:54 - 00000000 ____D C:\Users\user\Documents\Hausarbeit
2013-09-23 15:29 - 2011-12-08 15:58 - 00000000 ____D C:\Users\user\AppData\Roaming\WinEdt
2013-09-22 13:14 - 2013-09-12 15:15 - 00000000 ____D C:\Users\user\Documents\grafstat4
2013-09-21 16:01 - 2013-01-13 11:00 - 00000000 ____D C:\Users\user\Documents\Lehrprobe_Französisch
2013-09-21 14:50 - 2013-09-21 14:50 - 00000000 ____D C:\Users\user\Desktop\GrauerStick
2013-09-21 14:47 - 2013-09-21 14:47 - 39815485 _____ C:\Users\user\Downloads\1114343_996x560_VP6_928.flv
2013-09-20 20:25 - 2012-08-24 16:26 - 00002037 _____ C:\Users\user\Desktop\Google Chrome.lnk
2013-09-20 10:59 - 2012-01-22 22:08 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2013-09-20 07:15 - 2013-09-20 07:15 - 00020763 _____ C:\Users\user\Downloads\2013-9-19_Ldn_Politik_Handout_Wahl-O-Mat.odt
2013-09-20 07:13 - 2013-09-20 07:13 - 00067602 _____ C:\Users\user\Downloads\Die Mörderin mit dem Madonnengesicht.pptx
2013-09-19 13:35 - 2013-09-20 10:14 - 04148971 _____ C:\Users\user\Desktop\Mord an einem Pädophilen 15 Jähriger steht vor Gericht.wmv
2013-09-19 12:50 - 2013-09-19 12:50 - 00000000 ____D C:\Users\user\Desktop\Graftstatprodukt_8_Jugend
2013-09-18 13:21 - 2013-09-18 13:21 - 00021071 _____ C:\Users\user\Desktop\2013-9-17_Ldn_Politik_Handout-Wahl-O-Mat.odp
2013-09-16 16:31 - 2013-09-16 16:31 - 00025278 _____ C:\Users\user\Downloads\Checkliste Interro L2.odt
2013-09-16 08:01 - 2013-09-16 07:58 - 00000000 ____D C:\Users\user\Desktop\RoterStick
2013-09-16 07:59 - 2013-09-16 07:59 - 00000000 ____D C:\Users\user\Desktop\SchwarzerStick
2013-09-15 23:16 - 2013-09-15 23:15 - 02828552 _____ (AVAST Software) C:\Users\user\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-14 16:57 - 2013-09-14 16:56 - 05943296 _____ C:\Users\user\Downloads\Geiselname von Gladbeck - ohne Video (1).ppt
2013-09-12 08:27 - 2006-11-02 14:47 - 00257528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 07:15 - 2013-09-12 07:15 - 00000816 _____ C:\Users\Public\Desktop\grafstat4.lnk
2013-09-12 07:15 - 2013-09-12 07:14 - 00000000 ____D C:\Program Files\grafstat4
2013-09-12 07:12 - 2013-09-12 07:12 - 26012592 _____ C:\Users\user\Downloads\grafstat4-2013-4-276.zip
2013-09-12 06:49 - 2013-07-20 12:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 06:42 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-09 17:32 - 2013-03-29 14:06 - 00000000 ____D C:\Users\user\Documents\Debeka
2013-09-08 14:07 - 2013-09-09 08:10 - 00018649 _____ C:\Users\user\Documents\ToDo_Bremen.doc_0.odt
2013-09-05 18:07 - 2013-09-05 18:07 - 00113054 _____ C:\Users\user\Downloads\Puzzle Fruits et légumes.odt
2013-09-05 17:59 - 2013-09-05 17:59 - 01266688 _____ C:\Users\user\Downloads\Fördern_durch_Aufgabenorientierung_Präsentation_Nordverbund_09 (2).ppt
2013-09-05 13:15 - 2013-09-05 13:15 - 22490505 _____ C:\Users\user\Downloads\YouTube_1378379219.mp4
2013-09-04 13:09 - 2013-08-22 14:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-09-04 13:09 - 2012-03-18 20:31 - 00000000 ____D C:\Users\user\AppData\Roaming\DVDVideoSoft
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-04 14:46
==================== End Of Log ============================ --- --- ---
--- --- --- |