
Pests of all kinds and how to combat them: 100€ Trojan

25.08.2012, 08:41   #1
Nick11
 



I've caught the 100€ trojan and would now like to get rid of it. I urgently need help!

25.08.2012, 15:25   #2
t'john
/// Helper Team
 





Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have the findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it), then double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

25.08.2012, 21:42   #3
Nick11
 



Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: TOM-PC [Administrator]

Schutz: Aktiviert

25.08.2012 17:17:28
mbam-log-2012-08-25 (17-17-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472427
Laufzeit: 1 Stunde(n), 24 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 35
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Daten: I Want This -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Daten: explorer.exe,C:\Users\Tom\AppData\Roaming\msconfig.dat -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tom\AppData\Local\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tom\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 11
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tom\AppData\Local\Temp\poqcjy2615xxhym4.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tom\AppData\Roaming\msconfig.dat (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tom\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
OTL Extras logfile created on: 25.08.2012 17:17:13 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 41,87% Memory free
7,73 Gb Paging File | 5,38 Gb Available in Paging File | 69,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,90 Gb Total Space | 172,84 Gb Free Space | 60,67% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,67 Mb Free Space | 93,29% Space Free | Partition Type: FAT32
Drive F: | 1,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04328A93-AADD-4E4F-A69F-DC32B5559725}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher | 
"{0DB1E2DA-C010-4229-BB5A-27268C4353A4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{15FE363B-543F-400F-8538-7BA4AC22E2A1}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher | 
"{177FA8DD-04B5-46C6-BBDE-7EAD1314A3A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{20D5D77D-0F1B-4F95-B60F-47B9D12527BB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{340B3CF7-BA38-49EC-8267-53088097DDC8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{36BBAFD3-0B26-43F1-9F10-620E182295DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3BA5CB01-6ABF-42BD-AA93-C568E4966C9A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DD96895-CC74-4D78-9D23-F40DDB9E8660}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46030286-EB0A-4CE8-9C38-3E3C100D9680}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4B49D4C3-FAB6-46E3-A306-AE40833562A2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5831E781-EDFD-4E64-89E5-CCAF1E6B3BDC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5AB22B9A-6717-45A3-9953-A8D19521A095}" = lport=139 | protocol=6 | dir=in | app=system | 
"{740689E7-A5AE-4117-9B48-80687D176C98}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher | 
"{75A552F3-42DA-44C0-A768-8D6DC97B20D6}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{75CF5C9F-E615-4D4D-8BED-75BE612F5039}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8BEA4802-9240-448A-848F-1ADC2F3AC512}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96328D4F-D7EB-4B7F-AB4F-570059ABFD96}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{9759071E-88CB-4A37-A175-BB96456C768A}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher | 
"{9E9B9BDE-6437-4A9B-BCE7-940AB380889E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0D79F1A-5DC6-43DA-B478-A48EADB2A139}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B28D8C21-17A8-44C4-A368-915E6F1E55F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B70466D1-8978-43B6-A247-9EA27501DEC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7C820C9-2817-459D-BC3A-89B8FF749A8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C21B98BF-8991-46CD-A00F-6B27C1C8B363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C2A4F617-3EB7-4BD8-BDF5-38EAD47544AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C3E4BFB3-3D3B-4845-B89E-D9999BD48C33}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D85DC7F0-626D-4A47-B389-85E312186104}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{E232C074-7A87-4E01-B92D-8F9DC45CF30A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA5F9762-8EDC-4659-A403-88ED202E8172}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F83B02E7-7B17-453B-9C5C-5516E42303C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC52094E-191C-4D65-BE19-BFC25BF0B67C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE7B679E-207B-4E5B-B34A-551359E56C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019C4A90-7AD1-4500-9DC1-883E01993AE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{02B4D243-57F1-4C07-B086-90793DE65D73}" = protocol=47 | dir=out | app=system | 
"{05CA72A5-C3A6-4EB6-B402-EC590A3B6025}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{0C1FECA3-38AC-44B7-AD91-AF0795D015F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0C35B25F-BC5A-4AEE-ADEC-459E18F84C08}" = protocol=47 | dir=out | app=system | 
"{0C481D45-662D-40EF-A30A-6A398B69E99D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0D54533B-E6AA-4E19-AE82-A6981F3BF103}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{0E4DF93B-EFA3-484B-9173-2EB61481E8BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0F921614-5F03-4C04-8CF9-9486C7616C68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{15378545-6BDD-4E24-A152-7D640B099223}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{15396705-B136-456C-9286-19BBB386657C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{17719B71-7F03-4870-AE14-29B671B7C046}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{18499A7D-0D66-4E1E-BBAE-778DCC915951}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{188E0252-EFE2-484D-A782-17E908380A3A}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{1A82EAE1-A8FF-4CE1-8785-DB7B084841EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1C1BCEA7-5C8A-40B2-A7B4-7D87202BBCAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1CE4CB4A-1D0A-418B-9DDF-60BE62D1BA3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1DCCC0B7-0A94-458F-8DB1-B322FD6E6B03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{22074981-8FAE-4088-873E-7D4B31DB4BEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2316C53D-9F57-4BC6-B488-59D675FA22D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{261DEDE8-3D63-407B-87FD-C6F84ED9E40D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2621FCF5-2AFD-49AD-B11B-E7DD2CC81A71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{263EE38A-B860-47ED-87E1-B120234C279C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{268B4D28-BA45-475D-8F9B-4A0D3300C007}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2C3A955E-92B5-4FFD-9E68-1E01DDFC3EBC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2CBC7C45-DE25-4668-930A-62A9E0347A06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2D716706-A849-4861-B7BC-3983AAFB1A5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{30806EF5-67E4-4DBA-8A96-FCE383E05AED}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{323E9EB7-EDC7-4793-AB0B-D4BB44875B6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{328EEFEC-DF65-41AC-A4ED-4C65DE8DD481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{33313735-2378-455F-98FB-B405B9183F77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{33D77285-2066-44C7-B99E-421CBFF65D9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{35D5F64B-6B08-47C1-9B09-39D36DCE298C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3775BD16-B534-4FD2-AA36-D19262FC7CC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37B6A74B-0833-4A01-9C41-49BE1CFD0F34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{3C46D31E-071A-4FAC-81C7-3B378ABD68DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3C48A4A8-493B-45E1-9314-0E2B05BA188F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{3C73A0A8-D374-456F-832F-4FACAEEF8F52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4084D452-3861-417E-9968-93E4C6E57C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{445738ED-4296-41FA-BD19-779FE66636A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4702503C-CDFE-4452-94D4-D24A5C875A31}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{48F4FABB-5762-49C4-9262-A215757DB030}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4B962625-8989-4BED-9609-598AA8BE9BED}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{4CDF15CA-E82B-498D-87DF-FAF423B26F1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4E43069E-5B65-4E02-8798-BA615D67CB25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4EA71765-35D2-4B05-B64E-EDEF4008D3BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{50F99DC9-17F8-4CB1-8D50-5ECCFCB42556}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5735C0B7-E036-448E-9BE9-48AF9BF749C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{58241D18-D4E7-429C-948A-943246EA2504}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{58AF8E6C-8FC9-42E9-9FFC-21A67CC48FB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5B8A7442-27BE-4E7C-A3B9-0391426FDDCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5B9E711F-C54E-4762-BFF5-640D86119C2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C03DDC3-7BE8-48A4-9EF6-91B3CBF34B82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C6B2C81-A046-4AC2-B9A4-913A1425483F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5CC554EA-D5DF-44C0-BFE2-15CE89A9FDB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{5E5B0239-D9AA-443D-9F04-FD823D091D34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{61360434-9331-43DC-99E7-B9C4AC2EF62A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{614DCD4C-A350-4EA0-90D0-8FE41DE6E6DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6263D84D-10A2-4111-A3DB-9730B8AA1EE1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{651A9A00-67C7-4C4E-B067-702319225ECE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{691D750D-F29E-470E-B7EF-217D582AFFF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6BF44E58-0DA8-423E-8923-772C65147460}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6D050DD4-FD71-4E2D-886B-ACE4928B3176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6D1DD4D3-A5E4-46AD-BA7A-478F0FEE9B6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6F2F00C6-152B-4DDC-B6EB-48FBC7842C4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{70E96FA2-EF85-4392-96B8-B221EB74CBC7}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{725253CD-90EC-4D64-9BDF-8C9C94DE3CFE}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{74EE0065-2103-4612-B5D2-5836BCB76304}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{779C56DB-9F9A-424B-B242-1A6219A4C981}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{78FDDB69-F8E4-479B-97D9-ADCDF68168E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7B32C8A0-DB4F-4F43-BE9C-B82AB0435329}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7B6D9BD5-BDAD-40D8-95EE-0985ADDE155E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7CD10729-7BEE-43AF-9268-D0BC3C70E12F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{7FED34CB-FEF0-4D4C-89BC-5CF97EC9104D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{843E67B3-2659-4F1D-8B9A-C994F63C4EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{887473DC-DA23-4BFA-B157-88E167A13B46}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{893ADC47-5D22-4637-8A2A-7E258023EBE3}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{8B0570CF-DF70-4F40-A041-30F1B308909E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8C5587EC-17AB-4F12-B0F0-6AFE503CB178}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8D2B5895-68AE-41EC-B071-AE03177290ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9033391D-0280-46C7-A1B3-D0F1A3F1B1F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{92717381-C740-4E48-9DD0-21F065BD6C01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{92C99BD7-E838-4F28-9F7B-7BD23AF10733}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{93D7CAE5-3407-4AE4-9153-31FD5014AFA8}" = protocol=47 | dir=out | app=system | 
"{987764CA-D7E7-40F6-9001-286B590EB3FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{999143D5-2FF0-4D35-9000-1E8D3F68E2B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9AB48E18-2AE3-41C0-B8A0-E12A74918629}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{9B43A491-5403-4836-BF5C-94DCAEB368B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9E3FE310-9418-4AE6-8811-AAB67A557AE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9EB32412-4A41-4D91-8F51-CCFC6E9BE4F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F7084B2-706F-4518-8B5D-B170A7CC9536}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0D3F516-87B7-4705-8ABD-323051491317}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A307022E-D4C0-4323-9C78-2F28E837764E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3FAA6DA-9A1A-4AC9-BD29-20BB79A2E589}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\akamai\netsession_win.exe | 
"{A4653F3B-6FF0-4CD9-8DF1-775B5C65B1DA}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 
"{AA549838-195C-41B0-BF6D-D95E8FFAA068}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AADEF6C4-9A3C-4FBA-9141-D952CDB08571}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF40A6A8-B877-439A-9C75-01032B8968A7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{AF8A3B70-A0A0-4611-92C1-92CB96758FA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AFE970BA-1A85-49A7-8FFC-43DAC9E2A1E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B2581E3A-2F01-416A-A184-8C3676E48F5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B2D98D8D-4F58-4EB0-AED1-2E3DB49CE783}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BA723294-D9C1-40B7-885D-F18F834CEA7D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"{BC8F0A85-DE54-45FA-9A55-3B47236F7858}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BDEAFC09-8889-471B-81DC-D541DE53C597}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BE58807B-EFBF-4FED-81AF-439F20202981}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C0DCB0C4-DAE2-4FCA-A5AC-826630AF9C4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C1618A7C-CE33-468E-9736-50356CE14372}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{C5880007-B61E-4C35-A02D-1B666C626569}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C5DFEF6B-8774-40D7-A455-7FE09B7C0265}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6301FEC-4190-4F98-8AE6-A42A54D86357}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C686436E-3980-4DEA-8002-332FA99F3C75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C6AD0825-F667-4ED8-A462-0F13CE4CBE19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C778891D-706F-4DC0-8B72-36D6526E7A50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CC1F4F6F-B385-416F-837B-2CD5395D882B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CC5E5326-5DF9-4AF2-9DBE-7E9BB02F36D4}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{CDD830DE-91CC-44FC-8CBD-E757E024C72A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CF2F1278-0CD8-4057-B2CD-995AB5BAEB10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D1AEE942-327D-4985-A82E-D20D7871386E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D2550A00-E9A3-4C2F-B07D-169FB550B83C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{D460C0F2-76F2-48E8-AA6B-51FA0E580E27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D580BE42-6565-43DD-A61B-5552D7C9C659}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{D5B5D360-6FCB-4DCA-BCFA-788E71113BDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D63BFE37-F962-4897-9774-1F6E0F689862}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D6ECEB85-69F1-415C-88FC-BA81E4119D4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D957E78E-19E6-4D16-B776-9CF1A7EE246E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DF80792C-23DE-4DD5-9F96-34BF33294A85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E15F9285-047D-443C-A47B-6FAB510749C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E3468BCB-1763-486F-B7DC-ED919A545D92}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\akamai\netsession_win.exe | 
"{E46F3FDE-1520-40AA-9891-A6DBABE01515}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E660608F-B47F-4BCB-9F3F-FD3AC9EB3D77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC046FE2-1D9A-4BDD-953E-4A2A0B158517}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC3D8EFB-2E47-4D74-B02D-B34D38B7DC67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EC8C9F63-B5DE-452A-AA91-D8E7FD032093}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{ECC985C5-A5E7-40FA-980E-6B3E7B5D00DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EE373EB2-54FC-4591-91C7-0F9283005A5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF283393-76AE-4583-BD7E-B779CE7A4D7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EFEB5DA0-740E-46FD-8BFA-7DBEC437D79B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F2E54FE2-0365-467E-9232-E30623B59CEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F30C8439-B2E1-4952-AF2C-8589ECE05086}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"{F42188C1-D41F-498C-9F73-5179A0133A59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4CE74E7-B75D-47DE-9196-195D694B8854}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F624364E-29F7-4316-9D6B-5356A3AF27B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F879415D-EEE9-4C27-8671-938A755276ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F8FD2EF1-02CF-4AD5-9037-924A2C799E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F91F2B4B-F7FA-467D-B2CF-5B10B6E55941}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F98CE989-595A-4AED-AF79-7AA5F2F24B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FB809B1E-375E-4FF7-8B09-6C4C5DEBDBCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC5CE6D7-1965-411E-B23D-CE37994EF8E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FCFA23B1-518A-4224-9A3A-4889A90EF39F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FD2EDEE1-520C-48EA-987B-84E4708DDFB6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FE993B0C-0AF8-4CDC-B44A-9C41C5F2D150}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FEE3BCD4-4A00-40E4-B04B-CEC01760D25F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{035CA394-54CD-4C52-A398-048C10CBE43D}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{1EBA2089-A72B-4A68-B720-6EB3F3EC932E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{21BFCADF-AC85-429F-84BC-0F6BC4131537}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{25837F75-53EF-4094-8D1A-7B60872878FF}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{32A4208F-4F31-4661-8959-8BEFDD367CAB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{40AF7F81-A938-4414-B24C-41F4CD8C75AA}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{472D34D4-B040-49DB-A26D-7E2C8AE8C767}C:\program files (x86)\die gilde 2 - gold edition\guildii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\die gilde 2 - gold edition\guildii.exe | 
"TCP Query User{58CDAA1B-BEC1-458B-A848-9124A501CF4F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{5EF86524-844E-4FDE-B443-59DC73747EAC}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{6961096E-E144-4348-B06D-314037B3185D}C:\users\tom\desktop\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\spiele\flatout2\flatout2.exe | 
"TCP Query User{6BA77C11-81BE-469C-A634-28C7E57BDFAD}C:\program files (x86)\anno 1602 königs-edition\1602.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 königs-edition\1602.exe | 
"TCP Query User{6C42CF75-0AEC-4D60-B5DF-6549B42245DD}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"TCP Query User{866E08D3-D794-4B2B-B690-612A021CE0D8}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1600x900.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1600x900.exe | 
"TCP Query User{8C2B5BD3-0433-4564-8952-1D79C286718B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{90833A77-6E55-416D-A9E3-D9B75697C13A}C:\users\tom\desktop\spiele\neuer ordner (2)\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\spiele\neuer ordner (2)\iw3mp.exe | 
"TCP Query User{A4DCBA5B-B51A-449C-8DEB-A882434F8A72}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"TCP Query User{AC1C21C4-FF69-42C9-9BD6-AC341F2F4B92}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{ACEC055D-380E-42FF-8891-2B5F2F6FAD36}C:\program files (x86)\xpage internet studio 6 special edition\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xpage internet studio 6 special edition\jre\bin\javaw.exe | 
"TCP Query User{E17B1E6B-25DA-4580-B0F1-B06D81043E5F}G:\cod 1.41\coduomp.exe" = protocol=6 | dir=in | app=g:\cod 1.41\coduomp.exe | 
"TCP Query User{EF0AA60D-BC89-4E34-9C92-6CC0DB4794DF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{FE1919A5-0233-4C86-BD78-9409C6B59B2F}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{18993770-AEB7-441A-A9DE-5B67B0647538}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{2DFA7E1C-AEBE-4E06-B04C-34FA068ED456}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{2F97D01B-FF2E-484E-B5F7-E83A9C788D2F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{48033787-FD22-44CB-BC66-CCEC28CC3FD9}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"UDP Query User{4CFB6677-6244-4786-A178-CA5BB4D861D4}C:\program files (x86)\anno 1602 königs-edition\1602.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 königs-edition\1602.exe | 
"UDP Query User{52FCFCD0-E4DD-4D2D-996D-E131294AC686}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1600x900.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1600x900.exe | 
"UDP Query User{62B7BAC5-8BCE-4B82-844B-0301E74DCED8}C:\users\tom\desktop\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\spiele\flatout2\flatout2.exe | 
"UDP Query User{7300712A-F8D3-443E-88DA-C552EC9C1298}C:\program files (x86)\xpage internet studio 6 special edition\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xpage internet studio 6 special edition\jre\bin\javaw.exe | 
"UDP Query User{8A45BB41-0452-4267-9E97-307C9FEF0B7B}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{949B81AE-F7DD-4D2B-B0BD-679F55F1CCC3}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{AA9F03B5-C72D-4F71-9D11-4C67FAF19A44}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{BA0FEB8A-8E5B-4656-88C7-A94705E3A6A8}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"UDP Query User{BD3DD25A-911D-4C90-998F-884A2810F3A7}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{C083C7E4-4A0C-4AF3-BE46-A455EE772D66}G:\cod 1.41\coduomp.exe" = protocol=17 | dir=in | app=g:\cod 1.41\coduomp.exe | 
"UDP Query User{CE07F1A0-11A2-46EF-A2AE-9980D8070BF8}C:\users\tom\desktop\spiele\neuer ordner (2)\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\spiele\neuer ordner (2)\iw3mp.exe | 
"UDP Query User{CF9A6887-625A-432E-BB3A-E82C0F9F12AF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"UDP Query User{D346DBBB-CBBF-43A2-9E75-B20C87F93DDE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E11679FC-728A-4F24-A1CE-36C19CECC21C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{F008FEA0-ACE5-4EFA-ABD6-8C0D039717E4}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{F0520DDB-614C-453C-808B-07F658448591}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{F1D3A5E4-F0D2-4C99-86CC-C711FBA2F453}C:\program files (x86)\die gilde 2 - gold edition\guildii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\die gilde 2 - gold edition\guildii.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8EA3E06A12B0DACD40B4C1EE7ADE0EA5151433DC" = Windows-Treiberpaket - Prolific (Ser2pl) Ports  (02/12/2007 3.0.1.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{12904FE6-E6B8-4259-8C33-B5D44A610EE6}" = 39703 x64
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Clonk Endeavour" = Clonk Endeavour 4.95.5
"Dia" = Dia (nur entfernen)
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"GameSpy Arcade" = GameSpy Arcade
"I Want This" = I Want This
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lazarus Education" = Lazarus Education 0.9.28.2
"LOCO" = LOCO EVOLUTION
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Metin2_is1" = Metin2
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"softonic" = Softonic toolbar  on IE and Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind
"Xpage Internet Studio 6 Special Edition" = Xpage Internet Studio 6 Special Edition
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Uncompressor" = Uncompressor
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.08.2012 11:04:04 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:04:11 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:15:12 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:02 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:02 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:03 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:09 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:09 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:09 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:16:09 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
 Fehler: Zugriff verweigert  
 
Error - 25.08.2012 11:17:03 | Computer Name = Tom-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.58.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f28    Startzeit: 
01cd82d3d0192844    Endzeit: 0    Anwendungspfad: C:\Users\Tom\Desktop\OTL.exe    Berichts-ID:
   
 
[ Hewlett-Packard Events ]
Error - 06.11.2011 06:19:02 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 20.11.2011 07:48:13 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.12.2012 08:23:06 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 21.12.2012 11:45:44 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 01.04.2012 11:08:27 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 01.04.2012 11:08:39 | Computer Name = Tom-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/f378d5ca_9c98_4ec6_8a75_53b3f82b0a66/1hcyba9wzufi429g++urjj+d_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3957  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 06.05.2012 04:45:50 | Computer Name = Tom-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/36122c24_44ab_4967_90ac_f279b138f2b2/7qdtywqk694qdctwxbqrhvj5_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3957  Ram Utilization:   TargetSite: Void UpdateDetail(System.String)  
 
Error - 06.05.2012 04:45:52 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 17.06.2012 06:54:05 | Computer Name = Tom-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 17.06.2012 06:54:09 | Computer Name = Tom-PC | Source = hpsa_service.exe | ID = 2000
Description = 
 
[ System Events ]
Error - 08.08.2012 08:39:33 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:39:34 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:39:34 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:39:35 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:40:21 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:40:22 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:40:22 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:40:23 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.08.2012 08:40:23 | Computer Name = Tom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.08.2012 09:52:47 | Computer Name = Tom-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Code:
OTL logfile created on: 25.08.2012 17:17:13 - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Tom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 41,87% Memory free
7,73 Gb Paging File | 5,38 Gb Available in Paging File | 69,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,90 Gb Total Space | 172,84 Gb Free Space | 60,67% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 92,67 Mb Free Space | 93,29% Space Free | Partition Type: FAT32
Drive F: | 1,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.196\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=7a2ec57c00000000000000ff6a000461
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
IE - HKCU\..\SearchScopes\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR
IE - HKCU\..\SearchScopes\{E5BE4961-553D-445A-9254-4EC490299F9B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2160&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A2H&apn_dtid=^YYYYYY^YY^DE&apn_uid=ef376a0d-a577-44ec-a571-f55d30232c12&apn_sauid=442893E4-9A87-4578-B7DE-808645FAC53A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true
FF - prefs.js..Smartbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "gmx.de"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=7a2ec57c00000000000000ff6a000461&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.13 21:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.25 11:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2012.06.02 22:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions
[2012.05.22 19:53:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.22 19:50:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 20:05:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.02 20:58:19 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\crossriderapp2258@crossrider.com
[2012.03.18 22:29:30 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\ffxtlbra@softonic.com
[2011.11.19 22:36:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\jwu9ya39.default\extensions\plugin@yontoo.com
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\askcom.xml
[2012.05.22 19:54:00 | 000,000,921 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\conduit.xml
[2012.12.13 21:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.25 11:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.04.25 11:01:04 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.12.13 21:34:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.01 21:19:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.02 20:58:38 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.01 21:19:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.01 21:19:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.01 21:19:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.01 21:19:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.01 21:19:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31544726-9649-4EC4-BE6F-4621F3D004A7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DA24F72-EB71-4CC1-912A-E01DF83FDE24}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Tom\AppData\Roaming\msconfig.dat) - C:\Users\Tom\AppData\Roaming\msconfig.dat (34f34h4)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.16 17:42:52 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\Shell\AutoRun\command - "" = F:\cdstart.exe -- [2009.03.16 17:30:25 | 020,744,822 | R--- | M] (RMS, hxxp://www.rms.to)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.13 21:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.13 20:28:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 20:28:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.12.13 20:28:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.12.13 20:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.25 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2012.08.25 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.25 17:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.25 17:04:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.25 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.25 09:21:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012.08.25 09:19:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Tom\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.24 00:04:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.24 00:04:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.24 00:04:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.24 00:04:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.24 00:04:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.24 00:04:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.24 00:04:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.24 00:04:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.24 00:04:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.24 00:04:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.24 00:04:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.24 00:04:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.24 00:04:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.23 20:25:07 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.23 20:25:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.23 20:25:00 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.23 20:25:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.23 20:24:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.23 20:24:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.23 20:24:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.23 20:24:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.07.29 12:47:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Eigene Spiele
[2012.07.29 12:43:37 | 005,619,712 | ---- | C] (Gas Powered Games) -- C:\Users\Tom\Documents\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[2012.01.11 16:01:10 | 000,110,080 | ---- | C] (34f34h4) -- C:\Users\Tom\AppData\Roaming\msconfig.dat
[4 C:\Users\Tom\Documents\*.tmp files -> C:\Users\Tom\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.18 13:53:04 | 000,000,004 | -H-- | M] () -- C:\Users\Tom\Desktop\__iw3sp
[2012.12.13 20:28:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.12.13 20:28:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.12.13 20:28:33 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.12.13 20:28:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.25 17:14:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.25 17:04:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 16:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.25 13:41:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.25 12:25:35 | 001,550,078 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.25 12:25:35 | 000,673,206 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.25 12:25:35 | 000,632,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.25 12:25:35 | 000,138,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.25 12:25:35 | 000,113,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.25 12:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.25 09:27:58 | 000,050,477 | ---- | M] () -- C:\Users\Tom\Desktop\Defogger.exe
[2012.08.25 09:24:33 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tom\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.25 09:21:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2012.08.25 09:03:44 | 000,000,045 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\msconfig.ini
[2012.08.25 08:51:35 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 08:51:35 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.25 08:43:57 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.24 13:41:24 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTom.job
[2012.08.24 09:57:13 | 000,416,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.23 21:14:57 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.23 21:14:57 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 12:43:48 | 005,619,712 | ---- | M] (Gas Powered Games) -- C:\Users\Tom\Documents\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[4 C:\Users\Tom\Documents\*.tmp files -> C:\Users\Tom\Documents\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.18 13:53:04 | 000,000,004 | -H-- | C] () -- C:\Users\Tom\Desktop\__iw3sp
[2012.08.25 17:04:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.25 09:27:57 | 000,050,477 | ---- | C] () -- C:\Users\Tom\Desktop\Defogger.exe
[2012.08.24 13:38:43 | 000,000,045 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\msconfig.ini
[2011.12.06 14:07:17 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\{98F58632-D766-490A-B093-469E76A201F0}
[2011.07.27 20:27:55 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\{5E0198DD-B87C-446C-AE0D-193E39EF2B1E}
[2011.07.24 09:00:27 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\{2FA090F9-A4B8-41B8-8DD7-D9918D1FF1EA}
[2011.07.09 13:29:36 | 000,000,017 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2011.06.25 20:56:19 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\{4C1DAC23-4746-4617-9E5B-E5CF8A066078}
[2011.05.27 18:55:04 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.27 18:55:03 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.27 18:55:01 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.05.23 07:19:54 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\{8A3875B3-F0F1-4F88-A6F8-BD9A67F56946}
[2011.05.15 19:37:21 | 000,001,854 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\GhostObjGAFix.xml
[2011.04.25 11:01:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.01 15:15:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.02.26 21:26:26 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.09.27 17:51:50 | 000,000,091 | ---- | C] () -- C:\Users\Tom\AppData\Local\fusioncache.dat
[2010.09.27 17:49:50 | 001,569,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.08 20:40:49 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2011.06.13 20:04:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\.minecraft
[2011.07.26 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Anvil-Soft
[2012.06.02 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
[2010.06.20 09:10:53 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Clonk
[2012.05.23 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DVDVideoSoft
[2012.05.22 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.13 13:06:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\GetRightToGo
[2011.02.15 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LolClient
[2012.05.25 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\LolClient2
[2011.07.03 21:10:10 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Need for Speed World
[2012.03.11 20:39:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ooVoo Details
[2012.05.22 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012.05.19 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenClonk
[2011.03.09 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenOffice.org
[2010.05.08 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PlayFirst
[2010.05.08 20:40:50 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Template
[2012.05.20 16:01:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TS3Client
[2011.03.12 00:34:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Tunngle
[2011.11.09 22:11:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Unity
[2012.07.13 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\wargaming.net
[2011.01.18 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer
[2010.05.08 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\_MDLogs
[2012.07.15 19:03:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 26.08.2012, 00:49   #4
t'john
/// Helper Team
 

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE:64bit: - HKLM\..\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=7a2ec57c00000000000000ff6a000461 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
IE - HKCU\..\SearchScopes\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR 
IE - HKCU\..\SearchScopes\{E5BE4961-553D-445A-9254-4EC490299F9B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2160&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A2H&apn_dtid=^YYYYYY^YY^DE&apn_uid=ef376a0d-a577-44ec-a571-f55d30232c12&apn_sauid=442893E4-9A87-4578-B7DE-808645FAC53A 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; 
FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true 
FF - prefs.js..Smartbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://go.gmx.net/br/moz4_keyurl_search/?su=" 
FF - prefs.js..browser.search.defaultengine: "Google" 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" 
FF - prefs.js..browser.startup.homepage: "gmx.de" 
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=7a2ec57c00000000000000ff6a000461&q=" 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found 
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com) 
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKCU..\Run: [Power2GoExpress] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKCU Winlogon: Shell - (C:\Users\Tom\AppData\Roaming\msconfig.dat) - C:\Users\Tom\AppData\Roaming\msconfig.dat (34f34h4) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.03.16 17:42:52 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ] 
O33 - MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\Shell\AutoRun\command - "" = F:\cdstart.exe -- [2009.03.16 17:30:25 | 020,744,822 | R--- | M] (RMS, http://www.rms.to) 
[2012.07.29 12:43:37 | 005,619,712 | ---- | C] (Gas Powered Games) -- C:\Users\Tom\Documents\supcom_fa_patch_1.5.3596_to_1.5.3599.exe 
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 

[2012.06.02 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon 
[2012.01.11 16:01:10 | 000,110,080 | ---- | C] (34f34h4) -- C:\Users\Tom\AppData\Roaming\msconfig.dat 

:Files

C:\Users\Tom\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Tom\AppData\Local\Temp\*.exe
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

Alt 26.08.2012, 09:39   #5
Nick11
 

Code:
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D68C820-0057-4195-9466-D0441BE62FBB}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D68C820-0057-4195-9466-D0441BE62FBB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5BE4961-553D-445A-9254-4EC490299F9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5BE4961-553D-445A-9254-4EC490299F9B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from CT2269050.browser.search.defaultthis.engineName
Prefs.js: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su=" removed from Smartbar.SearchFromAddressBarSavedUrl
Prefs.js: "Google" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "gmx.de" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=7a2ec57c00000000000000ff6a000461&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File C:\Users\Tom\AppData\Roaming\msconfig.dat not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
File move failed. F:\cdstart.exe scheduled to be moved on reboot.
C:\Users\Tom\Documents\supcom_fa_patch_1.5.3596_to_1.5.3599.exe moved successfully.
C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
C:\Windows\SysWow64\RENDB41.tmp deleted successfully.
C:\Users\Tom\AppData\Roaming\Babylon folder moved successfully.
File C:\Users\Tom\AppData\Roaming\msconfig.dat not found.
========== FILES ==========
C:\Users\Tom\AppData\Local\{031CFA56-54A8-4DCC-A67C-ECEDF1881A2B} folder moved successfully.
C:\Users\Tom\AppData\Local\{048EA1B3-E9CE-4627-B4EC-D034249B376D} folder moved successfully.
C:\Users\Tom\AppData\Local\{04CA9B66-1764-463A-A79C-C6F8B8E351FF} folder moved successfully.
C:\Users\Tom\AppData\Local\{05D98076-D5CB-462A-9CE8-460E05F448AF} folder moved successfully.
C:\Users\Tom\AppData\Local\{069712DE-54CD-407F-A896-16DAF859CB5E} folder moved successfully.
C:\Users\Tom\AppData\Local\{075C2C9A-E1B4-4099-B403-CCBADF2AFDFF} folder moved successfully.
C:\Users\Tom\AppData\Local\{094B55AB-C0FA-48C3-A991-61FA8C237BF2} folder moved successfully.
C:\Users\Tom\AppData\Local\{0CDD03B6-F75A-4360-A6B3-28ECF1371905} folder moved successfully.
C:\Users\Tom\AppData\Local\{10A1989E-C899-4CE7-9C48-B38DE56D50EA} folder moved successfully.
C:\Users\Tom\AppData\Local\{113E2E06-3240-4627-9DBD-F64D972B1531} folder moved successfully.
C:\Users\Tom\AppData\Local\{1414646B-B78F-4D47-8771-167D46D1D205} folder moved successfully.
C:\Users\Tom\AppData\Local\{14465A5E-44BD-4B48-9785-8F4064D09C2D} folder moved successfully.
C:\Users\Tom\AppData\Local\{17826D6B-9C14-4181-95EF-76C3E9381566} folder moved successfully.
C:\Users\Tom\AppData\Local\{1A18DFA5-E224-4AFE-A9DE-03F3AD06E015} folder moved successfully.
C:\Users\Tom\AppData\Local\{1B6717A1-B6AC-4445-8FE1-00E40F02F4D5} folder moved successfully.
C:\Users\Tom\AppData\Local\{1E48E6B5-50BE-4E4E-A126-340EB5B25396} folder moved successfully.
C:\Users\Tom\AppData\Local\{1E6ACE8C-78F4-4436-9C52-5D29C88BCB1F} folder moved successfully.
C:\Users\Tom\AppData\Local\{1F60FD34-F4B6-4F51-8EC4-8304A501C85B} folder moved successfully.
C:\Users\Tom\AppData\Local\{1FF533F5-3C92-4F6E-AAF1-B9F353D734A2} folder moved successfully.
C:\Users\Tom\AppData\Local\{206A8011-10B5-4509-BEF1-88B63A7C1A09} folder moved successfully.
C:\Users\Tom\AppData\Local\{2076EB38-410F-4226-B6B0-F6D085146BC8} folder moved successfully.
C:\Users\Tom\AppData\Local\{2193F696-3CEA-4F82-A8E7-85180D436DA1} folder moved successfully.
C:\Users\Tom\AppData\Local\{24745354-5350-4DA2-A553-C5BBCCA87E01} folder moved successfully.
C:\Users\Tom\AppData\Local\{27C5C63D-0D7A-4DA3-AA17-FF9DA9A7E6EC} folder moved successfully.
C:\Users\Tom\AppData\Local\{28B98DD4-4F9F-4F0D-B7F8-4AA5A682D2D0} folder moved successfully.
C:\Users\Tom\AppData\Local\{2CE519A8-4091-40CE-8FA4-790F790B0801} folder moved successfully.
C:\Users\Tom\AppData\Local\{2F939BC0-564E-4684-94DA-1BC58CB5AF7E} folder moved successfully.
C:\Users\Tom\AppData\Local\{2FA090F9-A4B8-41B8-8DD7-D9918D1FF1EA} moved successfully.
C:\Users\Tom\AppData\Local\{32856B13-C6D8-4578-9641-2689EDDCEA62} folder moved successfully.
C:\Users\Tom\AppData\Local\{35E0D955-6844-4EDA-8DC6-5D3790E5C862} folder moved successfully.
C:\Users\Tom\AppData\Local\{3776F2C1-14D8-4009-B53C-3B8E4493EAA7} folder moved successfully.
C:\Users\Tom\AppData\Local\{37D1DA3C-18A3-48EA-AB44-CC2CFC53B304} folder moved successfully.
C:\Users\Tom\AppData\Local\{38234D31-5682-42FD-8DD0-08E8AF38613B} folder moved successfully.
C:\Users\Tom\AppData\Local\{3A1B604B-4136-4226-BD5B-F908F10D1C68} folder moved successfully.
C:\Users\Tom\AppData\Local\{3D8F8430-4921-4204-80FE-C1AC89FB53ED} folder moved successfully.
C:\Users\Tom\AppData\Local\{3E03B878-BF74-4DB8-83E5-D00A1337D487} folder moved successfully.
C:\Users\Tom\AppData\Local\{3F2D05D8-D4B0-45A6-8E47-700113EF983E} folder moved successfully.
C:\Users\Tom\AppData\Local\{3FA0E317-C64B-4F2F-87C7-C6A12BF81936} folder moved successfully.
C:\Users\Tom\AppData\Local\{415DE9E8-F9D8-47DA-A47B-FBE081CED91E} folder moved successfully.
C:\Users\Tom\AppData\Local\{42413943-9BE3-425E-BFD6-BA47AE4A4FFC} folder moved successfully.
C:\Users\Tom\AppData\Local\{46A47895-AF54-4358-90BC-593B20416D1D} folder moved successfully.
C:\Users\Tom\AppData\Local\{479BC00A-9A3E-4E8A-9D5F-5DFA97D2A0CF} folder moved successfully.
C:\Users\Tom\AppData\Local\{4964FC23-51F6-4A01-B231-983B8ACF7F63} folder moved successfully.
C:\Users\Tom\AppData\Local\{49A3CFFA-FDDC-4AA5-8E86-9BFC048D301D} folder moved successfully.
C:\Users\Tom\AppData\Local\{4B829C9F-2B82-4153-BA61-5D09B5B934B9} folder moved successfully.
C:\Users\Tom\AppData\Local\{4C1DAC23-4746-4617-9E5B-E5CF8A066078} moved successfully.
C:\Users\Tom\AppData\Local\{4D38C50D-B428-424C-8E85-F9E6C7593DF2} folder moved successfully.
C:\Users\Tom\AppData\Local\{509EB0D2-E0B0-47FA-94CA-CAC63411BAEC} folder moved successfully.
C:\Users\Tom\AppData\Local\{51DB663C-EEC1-483F-848E-FE429040EB76} folder moved successfully.
C:\Users\Tom\AppData\Local\{55CFC2D1-F0B2-42CB-A2FA-235EBB0A2F5B} folder moved successfully.
C:\Users\Tom\AppData\Local\{5604482B-73B3-4FD5-946E-EF7591A82D58} folder moved successfully.
C:\Users\Tom\AppData\Local\{59BF3F00-975B-46B5-8DFB-2B29DCA89870} folder moved successfully.
C:\Users\Tom\AppData\Local\{5A2D9112-BB2C-485E-88C5-467C7E288E43} folder moved successfully.
C:\Users\Tom\AppData\Local\{5A7811B5-7394-4293-931D-A4BEDD5A7F68} folder moved successfully.
C:\Users\Tom\AppData\Local\{5D08EC83-9C85-4998-B0CD-EC9871D90C38} folder moved successfully.
C:\Users\Tom\AppData\Local\{5E0198DD-B87C-446C-AE0D-193E39EF2B1E} moved successfully.
C:\Users\Tom\AppData\Local\{65CBB6E8-1314-4F14-98E4-AD97050A41F7} folder moved successfully.
C:\Users\Tom\AppData\Local\{66FB0461-94A0-43D7-90D9-099E494C85A3} folder moved successfully.
C:\Users\Tom\AppData\Local\{68C42FF5-10B9-467E-9911-5794076ADFB0} folder moved successfully.
C:\Users\Tom\AppData\Local\{6CC0C98A-5AFF-41BF-91BF-112C50CBA9C7} folder moved successfully.
C:\Users\Tom\AppData\Local\{706091F4-A241-47AC-A62D-7214488AC581} folder moved successfully.
C:\Users\Tom\AppData\Local\{71628089-E4DA-4790-831D-1465C44C9C3A} folder moved successfully.
C:\Users\Tom\AppData\Local\{7225C472-D0D0-45EC-92C2-0817E01089CA} folder moved successfully.
C:\Users\Tom\AppData\Local\{723F01DB-7A13-44DF-BC3A-AD0C82D5FE2C} folder moved successfully.
C:\Users\Tom\AppData\Local\{7316D60E-17AF-4A1E-B9E9-6F406D530988} folder moved successfully.
C:\Users\Tom\AppData\Local\{73F51F72-E1FE-47AE-AEB0-12B6A6EB1FE1} folder moved successfully.
C:\Users\Tom\AppData\Local\{7457EEEF-93CD-4F74-A3AD-A2C026DBD560} folder moved successfully.
C:\Users\Tom\AppData\Local\{74DCCB38-938F-49A4-B628-30C0B73624E0} folder moved successfully.
C:\Users\Tom\AppData\Local\{7596BAC1-AD68-4BD5-9B1C-47095392B3BD} folder moved successfully.
C:\Users\Tom\AppData\Local\{76AED143-8F09-437F-B5FA-D73B9EE01EE3} folder moved successfully.
C:\Users\Tom\AppData\Local\{795A0671-9D9A-4DC7-B571-AD2C3238CE10} folder moved successfully.
C:\Users\Tom\AppData\Local\{7D6C5942-2DB0-4431-8B3B-CF6882AE225C} folder moved successfully.
C:\Users\Tom\AppData\Local\{80B0BE65-C5B6-42A3-97E6-40354BF338A7} folder moved successfully.
C:\Users\Tom\AppData\Local\{818DBD6E-E0E4-450E-9592-3BF7BEB2A925} folder moved successfully.
C:\Users\Tom\AppData\Local\{862C4BDA-708E-40D0-894A-9EA39488C765} folder moved successfully.
C:\Users\Tom\AppData\Local\{89384EEB-2A0C-4BEB-BFE2-600FDD38CAEC} folder moved successfully.
C:\Users\Tom\AppData\Local\{8A3875B3-F0F1-4F88-A6F8-BD9A67F56946} moved successfully.
C:\Users\Tom\AppData\Local\{8AEAA6AD-F810-49D5-B3F2-75CC8CCCC986} folder moved successfully.
C:\Users\Tom\AppData\Local\{8B7CFC6A-0A05-4805-BC4B-A08DF4D37C02} folder moved successfully.
C:\Users\Tom\AppData\Local\{8DF9BABC-1DF2-46AC-9AC4-AF47B9084804} folder moved successfully.
C:\Users\Tom\AppData\Local\{8E9297B4-3EAB-4390-8078-EDD048BBE81A} folder moved successfully.
C:\Users\Tom\AppData\Local\{90CB8A15-2507-427A-97BD-2124E0870F3F} folder moved successfully.
C:\Users\Tom\AppData\Local\{919E3D0F-C09B-4E4D-AF6F-20AFF9A66AB9} folder moved successfully.
C:\Users\Tom\AppData\Local\{91EBFFAA-FBFF-49FD-86B5-D5FF180C03DB} folder moved successfully.
C:\Users\Tom\AppData\Local\{96616B32-CFA6-450A-9416-74154203AD8B} folder moved successfully.
C:\Users\Tom\AppData\Local\{96735323-68B5-41CE-B588-C0EB0B15DEEA} folder moved successfully.
C:\Users\Tom\AppData\Local\{98F58632-D766-490A-B093-469E76A201F0} moved successfully.
C:\Users\Tom\AppData\Local\{9BDB62AF-2E7E-46A0-A512-2004E8D409B7} folder moved successfully.
C:\Users\Tom\AppData\Local\{9D1C7C52-2A94-4972-B337-F05CA9037B60} folder moved successfully.
C:\Users\Tom\AppData\Local\{9F014671-ED02-47A5-A97A-43BF6910DDBF} folder moved successfully.
C:\Users\Tom\AppData\Local\{A0C99A4B-6848-4DDF-B0FC-B3B02E5244F6} folder moved successfully.
C:\Users\Tom\AppData\Local\{A2CBFDD8-7A6C-471A-A699-AD09491AF75A} folder moved successfully.
C:\Users\Tom\AppData\Local\{A30D4206-5F1D-4E65-A7E9-ABF8A8815938} folder moved successfully.
C:\Users\Tom\AppData\Local\{A395FB8D-A10C-4B77-986F-2CB1751B86FC} folder moved successfully.
C:\Users\Tom\AppData\Local\{A5D95078-CC93-4FD8-B457-87624B0E9355} folder moved successfully.
C:\Users\Tom\AppData\Local\{A6E19295-8851-4B45-A170-1C0851C32D73} folder moved successfully.
C:\Users\Tom\AppData\Local\{A85ACF2C-6A95-4066-BF7C-B5C009F8EE20} folder moved successfully.
C:\Users\Tom\AppData\Local\{A9A5A2F2-6BC9-4380-B535-733D87BF5AEF} folder moved successfully.
C:\Users\Tom\AppData\Local\{B02AB14D-6946-4F05-AA02-4EA79DF75570} folder moved successfully.
C:\Users\Tom\AppData\Local\{B0A26123-B02F-49F9-B345-109A8BE8D506} folder moved successfully.
C:\Users\Tom\AppData\Local\{B1F33F96-7946-45EA-A416-5DB9EC46D74A} folder moved successfully.
C:\Users\Tom\AppData\Local\{B287170C-4F46-4912-810C-5949CEED8656} folder moved successfully.
C:\Users\Tom\AppData\Local\{B3CCD269-452B-40B3-9189-526F854038D8} folder moved successfully.
C:\Users\Tom\AppData\Local\{B5060860-7D25-4C92-8F3D-95C8FCB19510} folder moved successfully.
C:\Users\Tom\AppData\Local\{B8BB9B1F-1BA5-43E0-98A4-08864785E152} folder moved successfully.
C:\Users\Tom\AppData\Local\{C017AB59-26E5-411E-AA44-E22805A0EB7B} folder moved successfully.
C:\Users\Tom\AppData\Local\{C062D14E-2DFA-4008-B7EB-E6D9EF49F59C} folder moved successfully.
C:\Users\Tom\AppData\Local\{C0B614B6-3C22-49BE-829E-0DA8D3F54BD7} folder moved successfully.
C:\Users\Tom\AppData\Local\{C426E4CA-C475-4D00-8D32-A760B4011C31} folder moved successfully.
C:\Users\Tom\AppData\Local\{C665ECE9-0CF7-4D71-AA12-00CD3D880C93} folder moved successfully.
C:\Users\Tom\AppData\Local\{C869CB0C-7453-4BAE-86C7-C1E96E46A762} folder moved successfully.
C:\Users\Tom\AppData\Local\{C8C9C099-4495-4C88-829D-2B7E3BB6CF33} folder moved successfully.
C:\Users\Tom\AppData\Local\{CA9A7D6F-F8BD-490D-AFBC-81EB9484C019} folder moved successfully.
C:\Users\Tom\AppData\Local\{CA9EA22F-AC92-4A52-A282-9BBECE0737F0} folder moved successfully.
C:\Users\Tom\AppData\Local\{CB614AFC-4CA7-4B7F-B1C3-D995EAC0F68B} folder moved successfully.
C:\Users\Tom\AppData\Local\{CC9EB833-7B0D-447E-A3F6-E92EFA942370} folder moved successfully.
C:\Users\Tom\AppData\Local\{CF731A02-AC5E-437D-B2F8-BA964BBC5D1F} folder moved successfully.
C:\Users\Tom\AppData\Local\{CFC7A427-442A-4381-886F-FECE402FA9B3} folder moved successfully.
C:\Users\Tom\AppData\Local\{D13092EB-6B1D-46B8-8CDE-DF86FBC26ABA} folder moved successfully.
C:\Users\Tom\AppData\Local\{D2EBC228-1D1F-45C2-BF60-AB90AFB72B84} folder moved successfully.
C:\Users\Tom\AppData\Local\{D97310FF-3160-4F69-9FC6-FB977E989FFD} folder moved successfully.
C:\Users\Tom\AppData\Local\{DA2C6DEC-1284-4F4F-A1D2-95CC6D820D9D} folder moved successfully.
C:\Users\Tom\AppData\Local\{DC0B91FA-D09A-42AF-8B3B-935942C498C5} folder moved successfully.
C:\Users\Tom\AppData\Local\{DC1811D4-40BD-4F9E-903F-E0DDA822297C} folder moved successfully.
C:\Users\Tom\AppData\Local\{DE02CFE5-162F-470A-94E2-84F1360C25E6} folder moved successfully.
C:\Users\Tom\AppData\Local\{DEDE4DB5-8C8F-4310-937A-2318DF7A60DA} folder moved successfully.
C:\Users\Tom\AppData\Local\{E0ACBADF-3A05-483B-8F9D-BD5229B84054} folder moved successfully.
C:\Users\Tom\AppData\Local\{EA3946CE-0C9E-497E-BF29-AB829E6F9B19} folder moved successfully.
C:\Users\Tom\AppData\Local\{EC7F936A-433D-41BC-AC6B-25FA443B06F3} folder moved successfully.
C:\Users\Tom\AppData\Local\{F45F1271-FC7C-44A4-B006-6D375063B7F7} folder moved successfully.
C:\Users\Tom\AppData\Local\{F5DEEF45-1CD4-4B8A-AE41-E2F239E3AAF1} folder moved successfully.
C:\Users\Tom\AppData\Local\{F738FCBF-04A8-46A6-8D06-2F3A662D8609} folder moved successfully.
C:\Users\Tom\AppData\Local\{F829CA5D-1B20-40FD-A735-88BE5832AF22} folder moved successfully.
C:\Users\Tom\AppData\Local\{FB4253CA-D5E4-40D0-9378-93598468D70F} folder moved successfully.
C:\Users\Tom\AppData\Local\{FCDD2E19-2F24-41D1-BC8E-EB6F5911FA57} folder moved successfully.
C:\Users\Tom\AppData\Local\{FDFB5B65-A00A-4315-98A3-5DC4C9C976CA} folder moved successfully.
C:\Users\Tom\AppData\Local\{FFC7FB02-BC0B-4CDE-B86B-AA135755D33A} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3} folder moved successfully.
C:\ProgramData\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0} folder moved successfully.
C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully.
C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Tom\AppData\Local\Temp\*.exe not found.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Tom\Desktop\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 265372109 bytes
->Temporary Internet Files folder emptied: 29620012 bytes
->FireFox cache emptied: 233893549 bytes
->Flash cache emptied: 80284 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1378681 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11710937 bytes
RecycleBin emptied: 641036998 bytes
 
Total Files Cleaned = 1.128,00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08262012_103215

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\cdstart.exe scheduled to be moved on reboot.
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D68C820-0057-4195-9466-D0441BE62FBB}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D68C820-0057-4195-9466-D0441BE62FBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D68C820-0057-4195-9466-D0441BE62FBB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3CCC466-91D3-4ACC-82D6-A36FBB6B24DE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5BE4961-553D-445A-9254-4EC490299F9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5BE4961-553D-445A-9254-4EC490299F9B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from CT2269050.browser.search.defaultthis.engineName
Prefs.js: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su=" removed from Smartbar.SearchFromAddressBarSavedUrl
Prefs.js: "Google" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "gmx.de" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=7a2ec57c00000000000000ff6a000461&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File C:\Users\Tom\AppData\Roaming\msconfig.dat not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5527f63f-5a97-11df-ab64-806e6f6e6963}\ not found.
File move failed. F:\cdstart.exe scheduled to be moved on reboot.
C:\Users\Tom\Documents\supcom_fa_patch_1.5.3596_to_1.5.3599.exe moved successfully.
C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
C:\Windows\SysWow64\RENDB41.tmp deleted successfully.
C:\Users\Tom\AppData\Roaming\Babylon folder moved successfully.
File C:\Users\Tom\AppData\Roaming\msconfig.dat not found.
========== FILES ==========
C:\Users\Tom\AppData\Local\{031CFA56-54A8-4DCC-A67C-ECEDF1881A2B} folder moved successfully.
C:\Users\Tom\AppData\Local\{048EA1B3-E9CE-4627-B4EC-D034249B376D} folder moved successfully.
C:\Users\Tom\AppData\Local\{04CA9B66-1764-463A-A79C-C6F8B8E351FF} folder moved successfully.
C:\Users\Tom\AppData\Local\{05D98076-D5CB-462A-9CE8-460E05F448AF} folder moved successfully.
C:\Users\Tom\AppData\Local\{069712DE-54CD-407F-A896-16DAF859CB5E} folder moved successfully.
C:\Users\Tom\AppData\Local\{075C2C9A-E1B4-4099-B403-CCBADF2AFDFF} folder moved successfully.
C:\Users\Tom\AppData\Local\{094B55AB-C0FA-48C3-A991-61FA8C237BF2} folder moved successfully.
C:\Users\Tom\AppData\Local\{0CDD03B6-F75A-4360-A6B3-28ECF1371905} folder moved successfully.
C:\Users\Tom\AppData\Local\{10A1989E-C899-4CE7-9C48-B38DE56D50EA} folder moved successfully.
C:\Users\Tom\AppData\Local\{113E2E06-3240-4627-9DBD-F64D972B1531} folder moved successfully.
C:\Users\Tom\AppData\Local\{1414646B-B78F-4D47-8771-167D46D1D205} folder moved successfully.
C:\Users\Tom\AppData\Local\{14465A5E-44BD-4B48-9785-8F4064D09C2D} folder moved successfully.
C:\Users\Tom\AppData\Local\{17826D6B-9C14-4181-95EF-76C3E9381566} folder moved successfully.
C:\Users\Tom\AppData\Local\{1A18DFA5-E224-4AFE-A9DE-03F3AD06E015} folder moved successfully.
C:\Users\Tom\AppData\Local\{1B6717A1-B6AC-4445-8FE1-00E40F02F4D5} folder moved successfully.
C:\Users\Tom\AppData\Local\{1E48E6B5-50BE-4E4E-A126-340EB5B25396} folder moved successfully.
C:\Users\Tom\AppData\Local\{1E6ACE8C-78F4-4436-9C52-5D29C88BCB1F} folder moved successfully.
C:\Users\Tom\AppData\Local\{1F60FD34-F4B6-4F51-8EC4-8304A501C85B} folder moved successfully.
C:\Users\Tom\AppData\Local\{1FF533F5-3C92-4F6E-AAF1-B9F353D734A2} folder moved successfully.
C:\Users\Tom\AppData\Local\{206A8011-10B5-4509-BEF1-88B63A7C1A09} folder moved successfully.
C:\Users\Tom\AppData\Local\{2076EB38-410F-4226-B6B0-F6D085146BC8} folder moved successfully.
C:\Users\Tom\AppData\Local\{2193F696-3CEA-4F82-A8E7-85180D436DA1} folder moved successfully.
C:\Users\Tom\AppData\Local\{24745354-5350-4DA2-A553-C5BBCCA87E01} folder moved successfully.
C:\Users\Tom\AppData\Local\{27C5C63D-0D7A-4DA3-AA17-FF9DA9A7E6EC} folder moved successfully.
C:\Users\Tom\AppData\Local\{28B98DD4-4F9F-4F0D-B7F8-4AA5A682D2D0} folder moved successfully.
C:\Users\Tom\AppData\Local\{2CE519A8-4091-40CE-8FA4-790F790B0801} folder moved successfully.
C:\Users\Tom\AppData\Local\{2F939BC0-564E-4684-94DA-1BC58CB5AF7E} folder moved successfully.
C:\Users\Tom\AppData\Local\{2FA090F9-A4B8-41B8-8DD7-D9918D1FF1EA} moved successfully.
C:\Users\Tom\AppData\Local\{32856B13-C6D8-4578-9641-2689EDDCEA62} folder moved successfully.
C:\Users\Tom\AppData\Local\{35E0D955-6844-4EDA-8DC6-5D3790E5C862} folder moved successfully.
C:\Users\Tom\AppData\Local\{3776F2C1-14D8-4009-B53C-3B8E4493EAA7} folder moved successfully.
C:\Users\Tom\AppData\Local\{37D1DA3C-18A3-48EA-AB44-CC2CFC53B304} folder moved successfully.
C:\Users\Tom\AppData\Local\{38234D31-5682-42FD-8DD0-08E8AF38613B} folder moved successfully.
C:\Users\Tom\AppData\Local\{3A1B604B-4136-4226-BD5B-F908F10D1C68} folder moved successfully.
C:\Users\Tom\AppData\Local\{3D8F8430-4921-4204-80FE-C1AC89FB53ED} folder moved successfully.
C:\Users\Tom\AppData\Local\{3E03B878-BF74-4DB8-83E5-D00A1337D487} folder moved successfully.
C:\Users\Tom\AppData\Local\{3F2D05D8-D4B0-45A6-8E47-700113EF983E} folder moved successfully.
C:\Users\Tom\AppData\Local\{3FA0E317-C64B-4F2F-87C7-C6A12BF81936} folder moved successfully.
C:\Users\Tom\AppData\Local\{415DE9E8-F9D8-47DA-A47B-FBE081CED91E} folder moved successfully.
C:\Users\Tom\AppData\Local\{42413943-9BE3-425E-BFD6-BA47AE4A4FFC} folder moved successfully.
C:\Users\Tom\AppData\Local\{46A47895-AF54-4358-90BC-593B20416D1D} folder moved successfully.
C:\Users\Tom\AppData\Local\{479BC00A-9A3E-4E8A-9D5F-5DFA97D2A0CF} folder moved successfully.
C:\Users\Tom\AppData\Local\{4964FC23-51F6-4A01-B231-983B8ACF7F63} folder moved successfully.
C:\Users\Tom\AppData\Local\{49A3CFFA-FDDC-4AA5-8E86-9BFC048D301D} folder moved successfully.
C:\Users\Tom\AppData\Local\{4B829C9F-2B82-4153-BA61-5D09B5B934B9} folder moved successfully.
C:\Users\Tom\AppData\Local\{4C1DAC23-4746-4617-9E5B-E5CF8A066078} moved successfully.
C:\Users\Tom\AppData\Local\{4D38C50D-B428-424C-8E85-F9E6C7593DF2} folder moved successfully.
C:\Users\Tom\AppData\Local\{509EB0D2-E0B0-47FA-94CA-CAC63411BAEC} folder moved successfully.
C:\Users\Tom\AppData\Local\{51DB663C-EEC1-483F-848E-FE429040EB76} folder moved successfully.
C:\Users\Tom\AppData\Local\{55CFC2D1-F0B2-42CB-A2FA-235EBB0A2F5B} folder moved successfully.
C:\Users\Tom\AppData\Local\{5604482B-73B3-4FD5-946E-EF7591A82D58} folder moved successfully.
C:\Users\Tom\AppData\Local\{59BF3F00-975B-46B5-8DFB-2B29DCA89870} folder moved successfully.
C:\Users\Tom\AppData\Local\{5A2D9112-BB2C-485E-88C5-467C7E288E43} folder moved successfully.
C:\Users\Tom\AppData\Local\{5A7811B5-7394-4293-931D-A4BEDD5A7F68} folder moved successfully.
C:\Users\Tom\AppData\Local\{5D08EC83-9C85-4998-B0CD-EC9871D90C38} folder moved successfully.
C:\Users\Tom\AppData\Local\{5E0198DD-B87C-446C-AE0D-193E39EF2B1E} moved successfully.
C:\Users\Tom\AppData\Local\{65CBB6E8-1314-4F14-98E4-AD97050A41F7} folder moved successfully.
C:\Users\Tom\AppData\Local\{66FB0461-94A0-43D7-90D9-099E494C85A3} folder moved successfully.
C:\Users\Tom\AppData\Local\{68C42FF5-10B9-467E-9911-5794076ADFB0} folder moved successfully.
C:\Users\Tom\AppData\Local\{6CC0C98A-5AFF-41BF-91BF-112C50CBA9C7} folder moved successfully.
C:\Users\Tom\AppData\Local\{706091F4-A241-47AC-A62D-7214488AC581} folder moved successfully.
C:\Users\Tom\AppData\Local\{71628089-E4DA-4790-831D-1465C44C9C3A} folder moved successfully.
C:\Users\Tom\AppData\Local\{7225C472-D0D0-45EC-92C2-0817E01089CA} folder moved successfully.
C:\Users\Tom\AppData\Local\{723F01DB-7A13-44DF-BC3A-AD0C82D5FE2C} folder moved successfully.
C:\Users\Tom\AppData\Local\{7316D60E-17AF-4A1E-B9E9-6F406D530988} folder moved successfully.
C:\Users\Tom\AppData\Local\{73F51F72-E1FE-47AE-AEB0-12B6A6EB1FE1} folder moved successfully.
C:\Users\Tom\AppData\Local\{7457EEEF-93CD-4F74-A3AD-A2C026DBD560} folder moved successfully.
C:\Users\Tom\AppData\Local\{74DCCB38-938F-49A4-B628-30C0B73624E0} folder moved successfully.
C:\Users\Tom\AppData\Local\{7596BAC1-AD68-4BD5-9B1C-47095392B3BD} folder moved successfully.
C:\Users\Tom\AppData\Local\{76AED143-8F09-437F-B5FA-D73B9EE01EE3} folder moved successfully.
C:\Users\Tom\AppData\Local\{795A0671-9D9A-4DC7-B571-AD2C3238CE10} folder moved successfully.
C:\Users\Tom\AppData\Local\{7D6C5942-2DB0-4431-8B3B-CF6882AE225C} folder moved successfully.
C:\Users\Tom\AppData\Local\{80B0BE65-C5B6-42A3-97E6-40354BF338A7} folder moved successfully.
C:\Users\Tom\AppData\Local\{818DBD6E-E0E4-450E-9592-3BF7BEB2A925} folder moved successfully.
C:\Users\Tom\AppData\Local\{862C4BDA-708E-40D0-894A-9EA39488C765} folder moved successfully.
C:\Users\Tom\AppData\Local\{89384EEB-2A0C-4BEB-BFE2-600FDD38CAEC} folder moved successfully.
C:\Users\Tom\AppData\Local\{8A3875B3-F0F1-4F88-A6F8-BD9A67F56946} moved successfully.
C:\Users\Tom\AppData\Local\{8AEAA6AD-F810-49D5-B3F2-75CC8CCCC986} folder moved successfully.
C:\Users\Tom\AppData\Local\{8B7CFC6A-0A05-4805-BC4B-A08DF4D37C02} folder moved successfully.
C:\Users\Tom\AppData\Local\{8DF9BABC-1DF2-46AC-9AC4-AF47B9084804} folder moved successfully.
C:\Users\Tom\AppData\Local\{8E9297B4-3EAB-4390-8078-EDD048BBE81A} folder moved successfully.
C:\Users\Tom\AppData\Local\{90CB8A15-2507-427A-97BD-2124E0870F3F} folder moved successfully.
C:\Users\Tom\AppData\Local\{919E3D0F-C09B-4E4D-AF6F-20AFF9A66AB9} folder moved successfully.
C:\Users\Tom\AppData\Local\{91EBFFAA-FBFF-49FD-86B5-D5FF180C03DB} folder moved successfully.
C:\Users\Tom\AppData\Local\{96616B32-CFA6-450A-9416-74154203AD8B} folder moved successfully.
C:\Users\Tom\AppData\Local\{96735323-68B5-41CE-B588-C0EB0B15DEEA} folder moved successfully.
C:\Users\Tom\AppData\Local\{98F58632-D766-490A-B093-469E76A201F0} moved successfully.
C:\Users\Tom\AppData\Local\{9BDB62AF-2E7E-46A0-A512-2004E8D409B7} folder moved successfully.
C:\Users\Tom\AppData\Local\{9D1C7C52-2A94-4972-B337-F05CA9037B60} folder moved successfully.
C:\Users\Tom\AppData\Local\{9F014671-ED02-47A5-A97A-43BF6910DDBF} folder moved successfully.
C:\Users\Tom\AppData\Local\{A0C99A4B-6848-4DDF-B0FC-B3B02E5244F6} folder moved successfully.
C:\Users\Tom\AppData\Local\{A2CBFDD8-7A6C-471A-A699-AD09491AF75A} folder moved successfully.
C:\Users\Tom\AppData\Local\{A30D4206-5F1D-4E65-A7E9-ABF8A8815938} folder moved successfully.
C:\Users\Tom\AppData\Local\{A395FB8D-A10C-4B77-986F-2CB1751B86FC} folder moved successfully.
C:\Users\Tom\AppData\Local\{A5D95078-CC93-4FD8-B457-87624B0E9355} folder moved successfully.
C:\Users\Tom\AppData\Local\{A6E19295-8851-4B45-A170-1C0851C32D73} folder moved successfully.
C:\Users\Tom\AppData\Local\{A85ACF2C-6A95-4066-BF7C-B5C009F8EE20} folder moved successfully.
C:\Users\Tom\AppData\Local\{A9A5A2F2-6BC9-4380-B535-733D87BF5AEF} folder moved successfully.
C:\Users\Tom\AppData\Local\{B02AB14D-6946-4F05-AA02-4EA79DF75570} folder moved successfully.
C:\Users\Tom\AppData\Local\{B0A26123-B02F-49F9-B345-109A8BE8D506} folder moved successfully.
C:\Users\Tom\AppData\Local\{B1F33F96-7946-45EA-A416-5DB9EC46D74A} folder moved successfully.
C:\Users\Tom\AppData\Local\{B287170C-4F46-4912-810C-5949CEED8656} folder moved successfully.
C:\Users\Tom\AppData\Local\{B3CCD269-452B-40B3-9189-526F854038D8} folder moved successfully.
C:\Users\Tom\AppData\Local\{B5060860-7D25-4C92-8F3D-95C8FCB19510} folder moved successfully.
C:\Users\Tom\AppData\Local\{B8BB9B1F-1BA5-43E0-98A4-08864785E152} folder moved successfully.
C:\Users\Tom\AppData\Local\{C017AB59-26E5-411E-AA44-E22805A0EB7B} folder moved successfully.
C:\Users\Tom\AppData\Local\{C062D14E-2DFA-4008-B7EB-E6D9EF49F59C} folder moved successfully.
C:\Users\Tom\AppData\Local\{C0B614B6-3C22-49BE-829E-0DA8D3F54BD7} folder moved successfully.
C:\Users\Tom\AppData\Local\{C426E4CA-C475-4D00-8D32-A760B4011C31} folder moved successfully.
C:\Users\Tom\AppData\Local\{C665ECE9-0CF7-4D71-AA12-00CD3D880C93} folder moved successfully.
C:\Users\Tom\AppData\Local\{C869CB0C-7453-4BAE-86C7-C1E96E46A762} folder moved successfully.
C:\Users\Tom\AppData\Local\{C8C9C099-4495-4C88-829D-2B7E3BB6CF33} folder moved successfully.
C:\Users\Tom\AppData\Local\{CA9A7D6F-F8BD-490D-AFBC-81EB9484C019} folder moved successfully.
C:\Users\Tom\AppData\Local\{CA9EA22F-AC92-4A52-A282-9BBECE0737F0} folder moved successfully.
C:\Users\Tom\AppData\Local\{CB614AFC-4CA7-4B7F-B1C3-D995EAC0F68B} folder moved successfully.
C:\Users\Tom\AppData\Local\{CC9EB833-7B0D-447E-A3F6-E92EFA942370} folder moved successfully.
C:\Users\Tom\AppData\Local\{CF731A02-AC5E-437D-B2F8-BA964BBC5D1F} folder moved successfully.
C:\Users\Tom\AppData\Local\{CFC7A427-442A-4381-886F-FECE402FA9B3} folder moved successfully.
C:\Users\Tom\AppData\Local\{D13092EB-6B1D-46B8-8CDE-DF86FBC26ABA} folder moved successfully.
C:\Users\Tom\AppData\Local\{D2EBC228-1D1F-45C2-BF60-AB90AFB72B84} folder moved successfully.
C:\Users\Tom\AppData\Local\{D97310FF-3160-4F69-9FC6-FB977E989FFD} folder moved successfully.
C:\Users\Tom\AppData\Local\{DA2C6DEC-1284-4F4F-A1D2-95CC6D820D9D} folder moved successfully.
C:\Users\Tom\AppData\Local\{DC0B91FA-D09A-42AF-8B3B-935942C498C5} folder moved successfully.
C:\Users\Tom\AppData\Local\{DC1811D4-40BD-4F9E-903F-E0DDA822297C} folder moved successfully.
C:\Users\Tom\AppData\Local\{DE02CFE5-162F-470A-94E2-84F1360C25E6} folder moved successfully.
C:\Users\Tom\AppData\Local\{DEDE4DB5-8C8F-4310-937A-2318DF7A60DA} folder moved successfully.
C:\Users\Tom\AppData\Local\{E0ACBADF-3A05-483B-8F9D-BD5229B84054} folder moved successfully.
C:\Users\Tom\AppData\Local\{EA3946CE-0C9E-497E-BF29-AB829E6F9B19} folder moved successfully.
C:\Users\Tom\AppData\Local\{EC7F936A-433D-41BC-AC6B-25FA443B06F3} folder moved successfully.
C:\Users\Tom\AppData\Local\{F45F1271-FC7C-44A4-B006-6D375063B7F7} folder moved successfully.
C:\Users\Tom\AppData\Local\{F5DEEF45-1CD4-4B8A-AE41-E2F239E3AAF1} folder moved successfully.
C:\Users\Tom\AppData\Local\{F738FCBF-04A8-46A6-8D06-2F3A662D8609} folder moved successfully.
C:\Users\Tom\AppData\Local\{F829CA5D-1B20-40FD-A735-88BE5832AF22} folder moved successfully.
C:\Users\Tom\AppData\Local\{FB4253CA-D5E4-40D0-9378-93598468D70F} folder moved successfully.
C:\Users\Tom\AppData\Local\{FCDD2E19-2F24-41D1-BC8E-EB6F5911FA57} folder moved successfully.
C:\Users\Tom\AppData\Local\{FDFB5B65-A00A-4315-98A3-5DC4C9C976CA} folder moved successfully.
C:\Users\Tom\AppData\Local\{FFC7FB02-BC0B-4CDE-B86B-AA135755D33A} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3} folder moved successfully.
C:\ProgramData\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0} folder moved successfully.
C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully.
C:\ProgramData\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Tom\AppData\Local\Temp\*.exe not found.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Tom\Desktop\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 265372109 bytes
->Temporary Internet Files folder emptied: 29620012 bytes
->FireFox cache emptied: 233893549 bytes
->Flash cache emptied: 80284 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1378681 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11710937 bytes
RecycleBin emptied: 641036998 bytes
 
Total Files Cleaned = 1.128,00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08262012_103215

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\cdstart.exe scheduled to be moved on reboot.
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


27.08.2012, 00:20   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Works on Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
Then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

29.08.2012, 18:56   #7
Nick11

The computer is running great, just like before. Here is the log:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: TOM-PC [Administrator]

Schutz: Aktiviert

29.08.2012 17:26:10
mbam-log-2012-08-29 (17-26-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470914
Laufzeit: 1 Stunde(n), 25 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Daten: I Want This -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 19:56:03
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Tom\AppData\Local\Conduit
Folder Found : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Users\Tom\AppData\Local\OpenCandy
Folder Found : C:\Users\Tom\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Tom\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tom\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Tom\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\CT2269050
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\Smartbar
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\ffxtlbra@softonic.com
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\plugin@yontoo.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\Softonic
Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\Askcom.xml
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\Conduit.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\I Want This
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\InstalledBrowserExtensions
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (de)

Profile name : default 
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\prefs.js

Found : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Found : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Found : user_pref("CT2269050.1000234.TWC_TMP_city", "");
Found : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Found : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2269050.FirstTime", "true");
Found : user_pref("CT2269050.FirstTimeFF3", "true");
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.UserID", "UN83246051853990458");
Found : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2269050.autoDisableScopes", -1);
Found : user_pref("CT2269050.browser.search.defaultthis.engineName", "");
Found : user_pref("CT2269050.defaultSearch", "true");
Found : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2269050.enableAlerts", "false");
Found : user_pref("CT2269050.enableSearchFromAddressBar", "true");
Found : user_pref("CT2269050.firstTimeDialogOpened", "true");
Found : user_pref("CT2269050.fixPageNotFoundError", "true");
Found : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2269050.installId", "ConduitNSISIntegration");
Found : user_pref("CT2269050.installType", "ConduitNSISIntegration");
Found : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.isNewTabEnabled", true);
Found : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2269050.keyword", true);
Found : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Falaris.schueler.[...]
Found : user_pref("CT2269050.openThankYouPage", "false");
Found : user_pref("CT2269050.openUninstallPage", "true");
Found : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Found : user_pref("CT2269050.search.searchCount", "0");
Found : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337709277544");
Found : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1337709281165");
Found : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1337709236382");
Found : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337709277803");
Found : user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1337709245238");
Found : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1337709232791");
Found : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337709257532");
Found : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1337709221084");
Found : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1337709218983");
Found : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337709234010");
Found : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1337709225404");
Found : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1337709263145");
Found : user_pref("CT2269050.settingsINI", true);
Found : user_pref("CT2269050.shouldFirstTimeDialog", "false");
Found : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Found : user_pref("CT2269050.smartbar.Uninstall", "0");
Found : user_pref("CT2269050.smartbar.homepage", true);
Found : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Found : user_pref("CT2269050.toolbarBornServerTime", "22-5-2012");
Found : user_pref("CT2269050.toolbarCurrentServerTime", "22-5-2012");
Found : user_pref("CT2269050.toolbarDisabled", "true");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "7a2ec57c00000000000000ff6a000461");
Found : user_pref("extensions.BabylonToolbar_i.id", "7a2ec57c00000000000000ff6a000461");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15493");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:58:48");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.softonic_i.aflt", "orgnl");
Found : user_pref("extensions.softonic_i.dfltLng", "");
Found : user_pref("extensions.softonic_i.excTlbr", false);
Found : user_pref("extensions.softonic_i.id", "7a2ec57c00000000000000ff6a000461");
Found : user_pref("extensions.softonic_i.instlDay", "15419");
Found : user_pref("extensions.softonic_i.instlRef", "MON00001");
Found : user_pref("extensions.softonic_i.newTab", false);
Found : user_pref("extensions.softonic_i.prdct", "softonic");
Found : user_pref("extensions.softonic_i.prtnrId", "softonic");
Found : user_pref("extensions.softonic_i.smplGrp", "eng7");
Found : user_pref("extensions.softonic_i.tlbrId", "eng7");
Found : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSour[...]
Found : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Found : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.516:10:23");
Found : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

*************************

AdwCleaner[R1].txt - [21676 octets] - [29/08/2012 17:27:58]
AdwCleaner[R2].txt - [21644 octets] - [29/08/2012 19:56:03]

########## EOF - C:\AdwCleaner[R2].txt - [21773 octets] ##########
         

29.08.2012, 22:03   #8
t'john
/// Helper Team
 



Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Select freeware mode.

Select Detail Scan and start the scan of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop, then post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

01.09.2012, 11:36   #9
Nick11
 



Code:
# AdwCleaner v1.801 - Logfile created 08/31/2012 at 14:06:32
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tom\AppData\Local\Conduit
Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Tom\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Tom\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Tom\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tom\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Tom\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\CT2269050
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\Smartbar
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\ffxtlbra@softonic.com
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\extensions\plugin@yontoo.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Softonic
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\searchplugins\Conduit.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (de)

Profile name : default 
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\prefs.js

C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\jwu9ya39.default\user.js ... Deleted !

Deleted : user_pref("CT2269050.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Deleted : user_pref("CT2269050.1000234.TWC_TMP_city", "");
Deleted : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Deleted : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2269050.FirstTime", "true");
Deleted : user_pref("CT2269050.FirstTimeFF3", "true");
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.UserID", "UN83246051853990458");
Deleted : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.browser.search.defaultthis.engineName", "");
Deleted : user_pref("CT2269050.defaultSearch", "true");
Deleted : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2269050.enableAlerts", "false");
Deleted : user_pref("CT2269050.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2269050.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2269050.fixPageNotFoundError", "true");
Deleted : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2269050.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2269050.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.isNewTabEnabled", true);
Deleted : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2269050.keyword", true);
Deleted : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Falaris.schueler.[...]
Deleted : user_pref("CT2269050.openThankYouPage", "false");
Deleted : user_pref("CT2269050.openUninstallPage", "true");
Deleted : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Deleted : user_pref("CT2269050.search.searchCount", "0");
Deleted : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1337709277544");
Deleted : user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1337709281165");
Deleted : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1337709236382");
Deleted : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1337709277803");
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1337709245238");
Deleted : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1337709232791");
Deleted : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1337709257532");
Deleted : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1337709221084");
Deleted : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1337709218983");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1337709234010");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1337709225404");
Deleted : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1337709263145");
Deleted : user_pref("CT2269050.settingsINI", true);
Deleted : user_pref("CT2269050.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");
Deleted : user_pref("CT2269050.smartbar.homepage", true);
Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Deleted : user_pref("CT2269050.toolbarBornServerTime", "22-5-2012");
Deleted : user_pref("CT2269050.toolbarCurrentServerTime", "22-5-2012");
Deleted : user_pref("CT2269050.toolbarDisabled", "true");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "7a2ec57c00000000000000ff6a000461");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "7a2ec57c00000000000000ff6a000461");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15493");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:58:48");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.softonic_i.aflt", "orgnl");
Deleted : user_pref("extensions.softonic_i.dfltLng", "");
Deleted : user_pref("extensions.softonic_i.excTlbr", false);
Deleted : user_pref("extensions.softonic_i.id", "7a2ec57c00000000000000ff6a000461");
Deleted : user_pref("extensions.softonic_i.instlDay", "15419");
Deleted : user_pref("extensions.softonic_i.instlRef", "MON00001");
Deleted : user_pref("extensions.softonic_i.newTab", false);
Deleted : user_pref("extensions.softonic_i.prdct", "softonic");
Deleted : user_pref("extensions.softonic_i.prtnrId", "softonic");
Deleted : user_pref("extensions.softonic_i.smplGrp", "eng7");
Deleted : user_pref("extensions.softonic_i.tlbrId", "eng7");
Deleted : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSour[...]
Deleted : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Deleted : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.516:10:23");
Deleted : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

*************************

AdwCleaner[R1].txt - [21676 octets] - [29/08/2012 17:27:58]
AdwCleaner[R2].txt - [21653 octets] - [29/08/2012 19:56:03]
AdwCleaner[S1].txt - [18924 octets] - [31/08/2012 14:06:32]

########## EOF - C:\AdwCleaner[S1].txt - [19053 octets] ##########
         
Does "Do not let anything be deleted at the end of the scan!" also cover not moving anything to quarantine?

01.09.2012, 16:55   #10
t'john
/// Helper Team

You can move them.
__________________
Regards, t'john

08.09.2012, 11:39   #11
Nick11

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.09.2012 10:35:27

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 08.09.2012 10:36:18

Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir gefunden: Trace.Registry.gamespy arcade!E1

Gescannt 730158
Gefunden 1

Scan Ende: 08.09.2012 12:22:57
Scan Zeit: 1:46:39

Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir Quarantäne Trace.Registry.gamespy arcade!E1

Quarantäne 1

09.09.2012, 02:07   #12
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and run the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your text editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john

24.04.2013, 16:33   #13
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
