Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Polizei EInheit 5.2

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.07.2012, 23:00   #1
PagOcv
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Hallo Leute,

ich bin auch neu hier und wie so einige andere hat auch mich die "Polizei Einheit 5.2..." heimgesucht und meinen Computer lahm gelegt.

Habe mir bisher einiges zu diesem Thema hier am Trojaner-board durchgelesen, und soweit alles was mir möglich war gemacht...

Folgend der Log vom Malware Scan:
(Konnte Malwarebytes jedoch nicht aktualisieren, da durch den Virus natürlich auch die Internetverbindung am betroffenen Computer lahm gelegt ist)

Was mich weiters wundert ist -> wenn ich das Netzwerkkabel und somit die Internetverbindung entferne und den Computer neu starte funktioniert alles aber sobald ich mit dem Netz verbunden bin kommt wieder die "Polizei Warnung" am Desktop und sperrt alles...

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rappold :: RAPPOLD-PC [Administrator]

Schutz: Aktiviert

25.07.2012 19:44:22
mbam-log-2012-07-25 (19-44-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222508
Laufzeit: 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$RECYCLE.BIN\S-1-5-21-237604504-4294741733-4283755352-1000\$RJKXC8P.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         
und die Zwei Logs von OTL bzw. das Extra...

Code:
ATTFilter
OTL logfile created on: 25.07.2012 19:01:05 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Rappold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,36% Memory free
4,23 Gb Paging File | 3,99 Gb Available in Paging File | 94,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208,22 Gb Total Space | 90,09 Gb Free Space | 43,27% Space Free | Partition Type: NTFS
Drive D: | 24,65 Gb Total Space | 18,36 Gb Free Space | 74,50% Space Free | Partition Type: FAT32
 
Computer Name: RAPPOLD-PC | User Name: Rappold | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rappold\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Hofer Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official"
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100013
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.2
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.03 23:14:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 11:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.13 04:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.11 06:17:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.26 11:51:25 | 000,000,000 | ---D | M]
 
[2008.11.14 10:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rappold\AppData\Roaming\mozilla\Extensions
[2012.07.24 18:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions
[2010.07.27 10:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 19:27:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.06.06 12:34:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.27 10:40:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.13 04:28:40 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2011.07.20 11:26:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com
[2012.05.24 18:07:53 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com
[2011.02.25 20:23:32 | 000,000,881 | ---- | M] () -- C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\searchplugins\conduit.xml
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.15 14:15:16 | 000,000,000 | ---D | M] (Controller) -- C:\Programme\Mozilla Firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2010.11.05 12:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 02:32:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.08.17 09:50:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2007.08.27 08:50:31 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010.02.26 11:51:25 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2012.02.15 14:15:16 | 000,000,000 | ---D | M] (Controller) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}
[2007.10.20 00:14:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.07.24 08:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010.02.22 11:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.11.05 12:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.13 02:32:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.08.17 09:50:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.04.20 09:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.20 09:44:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.13 12:50:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.11.13 12:50:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.11.13 12:50:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.11.13 12:50:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.11.13 12:50:14 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [A1Webassistent] C:\Program Files\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe ()
O4 - HKCU..\Run: [attrover] rundll32 ",CreateProcessNotify File not found
O4 - HKCU..\Run: [gntqhqql] "C:\Users\Rappold\AppData\Local\xiqepvlb.exe" File not found
O4 - HKCU..\Run: [mcmpfvuv] "C:\Users\Rappold\AppData\Local\snnodpoh.exe" File not found
O4 - HKCU..\Run: [wbljbdlk] "C:\Users\Rappold\AppData\Local\mtvjwnro.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [xthxhbtf] "C:\Users\Rappold\AppData\Local\trrcdvpi.exe" File not found
O4 - Startup: C:\Users\Rappold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rappold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rappold\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rappold\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87967FC7-7D21-4B00-B80B-7CC90EEA9724}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell - "" = AutoRun
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9ddb37de-a49b-11de-b32e-0019db4f4857}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\setup.exe
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell - "" = AutoRun
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\Rappold\AppData\Roaming\Malwarebytes
[2012.07.25 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 18:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 18:17:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.25 18:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.25 18:11:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rappold\Desktop\OTL.exe
[2012.07.25 15:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.07.24 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\Rappold\AppData\Roaming\HPAppData
[2012.07.23 07:26:57 | 000,000,000 | ---D | C] -- C:\Users\Rappold\Documents\Reisekosten_12
[2012.07.11 11:58:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 11:55:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 11:55:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 11:55:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 11:55:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 11:55:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 11:55:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 11:55:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 11:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D561AB000D4D8400695C7C570F1C8B
[2012.07.11 08:51:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.07 20:44:58 | 000,000,000 | ---D | C] -- C:\Users\Rappold\Desktop\Piano_Noten_OCV - Kopie
[1 C:\Users\Rappold\*.tmp files -> C:\Users\Rappold\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 18:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 18:54:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.25 18:51:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.25 18:50:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 18:49:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:49:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 18:18:00 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 18:16:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rappold\Desktop\OTL.exe
[2012.07.25 18:12:03 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 18:12:03 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 18:12:03 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 18:12:03 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.25 15:45:00 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.07.24 14:06:24 | 000,001,875 | ---- | M] () -- C:\Users\Rappold\Desktop\Avira Free Antivirus Profil Vollständige Systemprüfung.LNK
[2012.07.24 11:50:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.23 08:17:32 | 000,002,637 | ---- | M] () -- C:\Users\Rappold\Desktop\Microsoft Office Word 2003.lnk
[2012.07.20 17:19:23 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.07.20 15:30:32 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Rappold.job
[2012.07.12 15:56:44 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 12:50:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 12:50:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 11:45:33 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\vvsxsljh
[2012.07.12 11:25:21 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\cokjpnmo
[2012.07.11 14:15:33 | 000,002,665 | ---- | M] () -- C:\Users\Rappold\Desktop\Microsoft Office Excel 2003.lnk
[2012.07.11 12:05:55 | 000,349,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 11:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs
[2012.07.11 11:27:28 | 000,058,368 | ---- | M] () -- C:\Users\Rappold\AppData\Local\jltxdcsq
[2012.07.04 06:28:54 | 212,908,824 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 14:49:43 | 000,202,240 | ---- | M] () -- C:\Users\Rappold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Rappold\*.tmp files -> C:\Users\Rappold\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.25 18:18:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 15:45:00 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.07.24 14:06:24 | 000,001,875 | ---- | C] () -- C:\Users\Rappold\Desktop\Avira Free Antivirus Profil Vollständige Systemprüfung.LNK
[2012.07.12 11:45:33 | 000,058,880 | ---- | C] () -- C:\Users\Rappold\AppData\Local\vvsxsljh
[2012.07.12 11:25:21 | 000,058,880 | ---- | C] () -- C:\Users\Rappold\AppData\Local\cokjpnmo
[2012.07.11 11:30:04 | 000,000,000 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs
[2012.07.11 11:27:28 | 000,058,368 | ---- | C] () -- C:\Users\Rappold\AppData\Local\jltxdcsq
[2011.01.13 02:02:12 | 000,000,680 | ---- | C] () -- C:\Users\Rappold\AppData\Local\d3d9caps.dat
[2010.11.13 21:44:56 | 006,329,983 | ---- | C] () -- C:\Users\Rappold\Korsika2010.cpr
[2010.08.11 13:09:44 | 000,000,016 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\bawuho.dat
[2010.07.26 08:58:52 | 001,575,711 | ---- | C] () -- C:\Users\Rappold\Haus2.jpg
[2007.06.14 14:00:01 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.02.06 18:34:42 | 000,000,164 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\Default.PLS
[2007.02.06 18:06:51 | 000,000,430 | ---- | C] () -- C:\Users\Rappold\AppData\Roaming\wklnhst.dat
[2007.02.05 11:49:40 | 000,202,240 | ---- | C] () -- C:\Users\Rappold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Rappold\Documents\AnsprechpartnerKunden_xls.eml:OECustomProperty
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4

< End of report >
         
--------

Code:
ATTFilter
OTL Extras logfile created on: 25.07.2012 19:01:05 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Rappold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,36% Memory free
4,23 Gb Paging File | 3,99 Gb Available in Paging File | 94,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208,22 Gb Total Space | 90,09 Gb Free Space | 43,27% Space Free | Partition Type: NTFS
Drive D: | 24,65 Gb Total Space | 18,36 Gb Free Space | 74,50% Space Free | Partition Type: FAT32
 
Computer Name: RAPPOLD-PC | User Name: Rappold | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B2273-0938-432A-B037-A172A540E6B1}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | 
"{0598FE62-116E-4B2F-AC4E-EF0D9B70F5F7}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | 
"{0729A854-539A-4F62-817C-DB4C17D9E100}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{114B0E23-A4A7-4669-8AF2-A168BA6C1FA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{17579E5A-C56E-421D-9537-3504D9A439C4}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{206B0080-80EC-4A4E-B433-0D09A6FE5E36}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{217BD5AE-8BF7-4098-8CA3-D0CF8B3EBE95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{3DD6984B-AAD0-4570-82BD-D473EA1F6F74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{5DD82C47-3622-464B-9BF0-E72AC58BE3AE}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{71E99DB6-7C62-40F4-9D0C-6C7B53AB72FD}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe | 
"{857669A1-FAD6-45C6-89D9-C6189D66CE80}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ADA11892-8340-4515-B201-7B6773B35E4F}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{B7271842-9032-4B73-B0AD-3043ECC0E1A3}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | 
"{C3951814-4662-495A-9018-2AE3E45DEAC5}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
"{D021D208-CA7C-4284-B3FC-4C4F788ED742}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DCDB7D85-49F4-40F7-B33A-CD0C0A357805}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{EE74E8A4-69DD-4638-BA71-39D9FF3D2BD0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{FE208D57-EFAD-4E65-8159-378A9AA00ACC}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FB4676-3B0D-4ACE-AC2B-B95BA4BA0C50}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe | 
"{067AABF1-CBC1-4AFB-85A7-51FA3F5B52FC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{06E14608-1F55-4042-975E-6CBA946571AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{08471D31-E9EA-44CE-9511-3424B45DAFD0}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | 
"{09D84462-5DD1-44C7-895F-A03734BD6641}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0AF46490-7706-4BC0-B8B5-564F29CE4244}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{0B19029E-5D7C-4A97-A89A-7FF4F3BA1A4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{101CE93D-A9EA-4C82-9E0B-96C25BB77FBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{11BA8E68-7FCA-470A-A900-0AB9CC7125FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{1EE9DFF0-8E9C-4612-8E50-349778AC468B}" = protocol=17 | dir=in | app=c:\users\rappold\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2CB05F5E-6217-4CBA-9AD0-FF588BA9F395}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{2D30E9ED-F0DF-474E-8F54-13CD973E4971}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1modemkonfigurator.exe | 
"{2EF19F9E-2403-4B64-9FF3-95F92A1BE288}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | 
"{4726C0EF-0234-4849-BDBA-8300BA0CC594}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{48B6A5FC-7F12-4D58-B8F2-E23423F873B2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{48C0B694-2D38-4C61-B376-6C0D34D11E27}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{4965524A-6714-4B4D-8976-CC664FAC9687}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{4E26E4C9-8D90-47C9-9057-C47729A9B2AF}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | 
"{51F9505F-EDB0-49CE-A7B3-0885A2CC2399}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5CD4D8BE-8D0C-42A2-8518-B5E8A6F198A4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{693480CC-7572-4E3F-819B-EB1E8641399B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{6D60B3A0-2ACA-4A33-B90C-E8037EAA3F5C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6E0C442C-C5F2-42E9-A8CF-6EE1510ECA12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{71067FAA-26ED-40D8-9D3E-94249DDEF2C5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{712427EE-5549-4F3F-8395-34EE35D96228}" = protocol=17 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | 
"{7B94D8F3-AAA2-4C3C-BD99-6A272D0BFD03}" = protocol=6 | dir=in | app=c:\users\rappold\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8614985D-5166-43EB-8E5D-9D71F7369FA2}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1breitband.exe | 
"{8BF4CF79-0A78-47EE-8A83-E6F5E717CB61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{95D302B1-47F2-4873-BD63-96F4EC0673BE}" = protocol=6 | dir=in | app=c:\program files\a1\a1 breitband\a1breitband.exe | 
"{9CF2687D-9389-4C05-8B8E-D6D43F5C3AC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AAC67D0A-167A-45CD-B772-727132C59EDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{AB7028C3-F7F6-4B4B-93EE-F3D7AAF4F85B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{ABBAE1E0-A0DA-43E5-9ECD-49FD819BA091}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | 
"{B0656D20-7A2D-4B1F-AEF8-922BEAA394E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{B120270F-2284-490C-BAF0-FFCE1A738DAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE00B9D5-7CC1-4F72-9674-11753D0EFB13}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{BEEDF3DE-CF63-4C40-81C0-B8F4935C46EB}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe | 
"{C1D717FB-292C-476E-A1A3-34F714839226}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{C3E4E0D7-02EC-4710-B1AD-7CD83457090D}" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1wlanassistent.exe | 
"{C96C99BE-A0C6-4A6E-8278-760C1E03D19B}" = protocol=6 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe | 
"{CA611568-E348-492A-9FA2-BF8269601DFA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{E1E6FFD0-9486-4AAC-B6CE-42A60A67F1FD}" = protocol=17 | dir=in | app=c:\program files\a1\a1 servicecenter\a1servicecenter.exe | 
"{E5D15520-D4E8-499C-AD63-7A7FC56C5B2D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{EFC7AC7A-A929-45AD-86B5-FFC2B2F6712F}" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1modemkonfigurator.exe | 
"{F0361729-DE89-4D0B-9551-550DF93A1620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{FD383A6C-5CF6-4FAC-94FB-1A48E8A665A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF6F7C69-A5B1-42E4-ABD2-B16FA8EDE7FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"TCP Query User{16A7CFD9-2632-4F51-A640-0FA956BAE3C4}C:\program files\a1\a1 webassistent\a1webassistent.exe" = protocol=6 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | 
"TCP Query User{1830C9BE-34B2-4C29-981E-5094C39CFB41}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7D5A9FFC-9155-4430-BA3E-8A0F7F08BEEA}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{90E78FC0-EBA4-4C96-918F-9B36C9E7FEE3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B2AA0148-1D2D-4EFB-B414-5DC9D34F3CE0}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"TCP Query User{C70C3F08-029C-494B-A06E-44E2CB98E207}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{0ABBC0FE-51E6-402C-85EC-0DCAC1656FFA}C:\program files\a1\a1 webassistent\a1webassistent.exe" = protocol=17 | dir=in | app=c:\program files\a1\a1 webassistent\a1webassistent.exe | 
"UDP Query User{1F648DB1-86EB-4362-B156-79A289022597}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{28A54238-823F-44F9-8D08-9FCF7F59E70D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3FC1FC7D-A477-409C-A2DB-1ADD9E18A752}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{633A4223-A2F9-44F5-B7BF-B0B19926E751}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | 
"UDP Query User{D81FB8DD-5EBC-47C9-8E46-524E6F9110D3}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19a5dd5e-9675-41ef-b02a-5bdb53fb5557}" = C309a
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{291A06BB-7145-443F-9257-8913A928BD40}" = A1 Webassistent
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D250E57-9890-44a6-B08F-5C02C991EF24}" = HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4366F05B-950A-4698-863C-93B8C7671031}" = Nero 7 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E4FBD52-148F-49EE-AFCC-96FB498F4D7D}" = A1 Servicecenter
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905A7A49-C6AE-4F77-8E69-AE8B9629D719}" = A1 Internet Software
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{976623F9-9CDD-498a-BC67-1C35A5A547BA}" = hp_pbk_everyday_nature_classic01
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{d3c33f97-7936-4301-815f-2cf4ea5a467f}" = PS_AIO_05_C309_Software_Min
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8781-9705-0578-2960" = Medienmanager 1.3.0
"A1 Internet Software" = A1 Internet Software
"A1 Servicecenter" = A1 Servicecenter
"A1 Webassistent" = A1 Webassistent
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BIPA FotoShop" = BIPA FotoShop
"BitTorrent" = BitTorrent
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Finale 2007" = Finale 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.5.0
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridinSoft Trojan Killer" = Trojan Killer
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HOFER Bestellclient" = HOFER Bestellclient 4.6
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineFotoservice" = OnlineFotoservice
"PokerStars.net" = PokerStars.net
"ProSaldoFaBu_is1" = ProSaldo Fahrtenbuch
"Shop for HP Supplies" = Shop for HP Supplies
"Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01
"TeamViewer 5" = TeamViewer 5
"Transcribe!_is1" = Transcribe! 8.10
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2011 09:41:43 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
Error - 19.09.2011 09:41:43 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100
Description = WSARecvMsg failed (10038) 
 
Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15703
 
Error - 22.09.2011 22:13:27 | Computer Name = Rappold-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15703
 
Error - 23.09.2011 06:46:32 | Computer Name = Rappold-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.09.2011 06:46:32 | Computer Name = Rappold-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.09.2011 12:06:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.09.2011 12:06:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.09.2011 00:32:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.09.2011 00:32:07 | Computer Name = Rappold-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 04.05.2007 09:22:15 | Computer Name = Rappold-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005
 
Error - 14.10.2007 06:09:29 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 14.10.2007 07:08:49 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 14.10.2007 07:52:51 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 07.11.2007 07:40:00 | Computer Name = Rappold-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 15.04.2008 23:22:02 | Computer Name = Rappold-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 17.04.2008 22:08:05 | Computer Name = Rappold-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:36 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:46 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.07.2012 12:59:56 | Computer Name = Rappold-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.07.2012 13:00:16 | Computer Name = Rappold-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         

VIELEN DANK an euch schon mal im voraus für eure super Seite und hoffe ihr könnt auch mir Helfen.

Lg PagOcv

Alt 26.07.2012, 16:55   #2
t'john
/// Helfer-Team
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:Processes
killallprocesses

:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_de 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official" 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" 
FF - prefs.js..browser.search.defaultenginename: "Google" 
FF - prefs.js..browser.search.defaultthis.engineName: "Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.selectedEngine: "Search" 
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100013 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 
FF - prefs.js..extensions.enabledItems: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.2 
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6 
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
[2012.07.24 18:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions 
[2010.07.27 10:13:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2011.08.03 19:27:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
[2012.06.06 12:34:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
[2010.07.27 10:40:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2011.01.13 04:28:40 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org 
[2011.07.20 11:26:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com 
[2012.05.24 18:07:53 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com 
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
CHR - Extension: Google-Suche = C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) 
O4 - HKCU..\Run: [] C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe () 
O4 - HKCU..\Run: [attrover] rundll32 ",CreateProcessNotify File not found 
O4 - HKCU..\Run: [gntqhqql] "C:\Users\Rappold\AppData\Local\xiqepvlb.exe" File not found 
O4 - HKCU..\Run: [mcmpfvuv] "C:\Users\Rappold\AppData\Local\snnodpoh.exe" File not found 
O4 - HKCU..\Run: [wbljbdlk] "C:\Users\Rappold\AppData\Local\mtvjwnro.exe" File not found 
O4 - HKCU..\Run: [xthxhbtf] "C:\Users\Rappold\AppData\Local\trrcdvpi.exe" File not found 
O4 - Startup: C:\Users\Rappold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rappold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell - "" = AutoRun 
O33 - MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a 
O33 - MountPoints2\{9ddb37de-a49b-11de-b32e-0019db4f4857}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\setup.exe 
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell - "" = AutoRun 
O33 - MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a 
O33 - MountPoints2\J\Shell - "" = AutoRun 
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a 

[2012.07.11 11:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D561AB000D4D8400695C7C570F1C8B 
[2012.07.12 11:45:33 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\vvsxsljh 
[2012.07.12 11:25:21 | 000,058,880 | ---- | M] () -- C:\Users\Rappold\AppData\Local\cokjpnmo 
[2012.07.11 11:30:04 | 000,000,000 | ---- | M] () -- C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs 
[2012.07.11 11:27:28 | 000,058,368 | ---- | M] () -- C:\Users\Rappold\AppData\Local\jltxdcsq 
@Alternate Data Stream - 837 bytes -> C:\Users\Rappold\Documents\AnsprechpartnerKunden_xls.eml:OECustomProperty 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 

[2012.07.25 18:54:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.25 18:51:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.25 18:50:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.24 11:50:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job 
[2012.07.20 17:19:23 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job 
[2012.07.20 15:30:32 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Rappold.job 
:Files

C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe
C:\Users\Rappold\AppData\Local\Temp\
C:\autoexec.bat -- [ NTFS ]

K:\LaunchU3.exe -a
J:\setup.exe
J:\LaunchU3.exe -a


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[emptyjava]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 29.07.2012, 15:57   #3
PagOcv
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Hi t'john

Es scheint soweit alles funktioniert zu haben vielen dank für die schnelle Hilfe.
Und hier noch der Log vom Otl Fix...

Code:
ATTFilter
All processes killed
========== PROCESSES ==========
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  system32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "data:text/plain,browser.startup.homepage=hxxp://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official" removed from browser.startup.homepage
Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage
Prefs.js: toolbar@ask.com:3.14.1.100013 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.2 removed from extensions.enabledItems
Prefs.js: de-AT@dictionaries.addons.mozilla.org:2.0.2 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.60 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Jun-2010-12-39-12-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Feb-2011-11-30-03-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-13-Jun-2012-06-46-04-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-16-Feb-2010-20-00-04-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-13-Sep-2011-10-28-18-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-10-Jan-2012-11-02-29-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-10-34-28-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-07-Dec-2010-17-23-54-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-09-38-08-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-29-Dec-2011-14-23-24-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-28-Apr-2011-21-25-42-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-26-May-2011-21-57-14-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-17-Nov-2011-18-53-24-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-14-Jun-2012-07-35-41-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-12-May-2011-06-38-55-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-31-Jul-2011-09-56-31-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-29-May-2011-10-45-31-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-23-Jan-2011-13-05-19-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Mar-2011-12-54-10-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-24-Mar-2012-08-47-39-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-17-Oct-2009-14-16-19-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-16-Oct-2010-14-53-16-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-07-Aug-2010-12-26-43-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-21-May-2012-22-20-31-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-05-Mar-2012-07-19-07-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Dec-2009-19-47-23-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-10-Feb-2012-07-55-22-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-01-Oct-2010-12-23-17-GMT folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org\dictionaries folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org folder moved successfully.
C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions folder moved successfully.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\de-AT@dictionaries.addons.mozilla.org\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\engine@conduit.com\ not found.
Folder C:\Users\Rappold\AppData\Roaming\mozilla\Firefox\Profiles\6rz0ztvy.default\extensions\toolbar@ask.com\ not found.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419 folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales folder moved successfully.
C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater deleted successfully.
C:\Programme\Google\Google Updater\GoogleUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\attrover deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gntqhqql deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mcmpfvuv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wbljbdlk deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xthxhbtf deleted successfully.
C:\Users\Rappold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Rappold\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73b40b63-3d2c-11df-9330-0019db4f4857}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b40b63-3d2c-11df-9330-0019db4f4857}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73b40b63-3d2c-11df-9330-0019db4f4857}\ not found.
File K:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddb37de-a49b-11de-b32e-0019db4f4857}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ddb37de-a49b-11de-b32e-0019db4f4857}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d837fae4-4abc-11e0-99ff-0019db4f4857}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d837fae4-4abc-11e0-99ff-0019db4f4857}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d837fae4-4abc-11e0-99ff-0019db4f4857}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LaunchU3.exe -a not found.
Folder C:\ProgramData\F4D561AB000D4D8400695C7C570F1C8B\ not found.
C:\Users\Rappold\AppData\Local\vvsxsljh moved successfully.
C:\Users\Rappold\AppData\Local\cokjpnmo moved successfully.
C:\Users\Rappold\AppData\Roaming\SharedSettings.ccs moved successfully.
C:\Users\Rappold\AppData\Local\jltxdcsq moved successfully.
ADS C:\Users\Rappold\Documents\AnsprechpartnerKunden_xls.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:FA5F15C4 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
C:\Windows\Tasks\1-Klick-Wartung.job moved successfully.
C:\Windows\Tasks\Norton Security Scan for Rappold.job moved successfully.
========== FILES ==========
File\Folder C:\Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe not found.
C:\Users\Rappold\AppData\Local\Temp\~DEST\0003iw folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\~DEST\0002iw folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\~DEST\0001iw folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\~DEST folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{ce82b932-0987-4204-a2d9-05127139fcf5} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{8F3E4597-92FA-4709-98BF-8E018EE961C8} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{8ca9fd02-21f5-4aeb-804b-2f6304a066d8} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{812F84EB-2622-49F2-AF11-7DE1EB718925} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{6C11D561-620B-47DA-A693-4C597F3CDF40} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{4bc7e4fa-3033-46e7-9ffd-bb886854015b} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{46CD42D5-5612-4421-A65B-2DF52A7BA393} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\{38A20152-E8B3-435B-9E96-274CC572F349} folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\__SkypeIEToolbar_Cache folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\_ISTMP1.DIR folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\WZSE2.TMP folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files\Content.IE5\7SCXGNEU folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files\Content.IE5\5WARHFCI folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files\Content.IE5\5H4ITF6H folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files\Content.IE5\4M3W9M8G folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Temporary Internet Files folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\TeamViewer\Version5 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\TeamViewer folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\SilverStreakLog folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\scoped_dir1868 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Rar$ML0.243 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Rar$EXa0.892 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\PCTInstaller folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\outlook logging folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nswD72E.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nsr4B2E.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nsmABCA.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nsk9BBC.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nsi291F.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\nshF9B4.tmp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\msohtml1\01 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\msohtml1 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\msohtml folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\mia3 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\mia2 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\mia1 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\MaglevExpressTemp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\m2temp\HTML folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\m2temp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\m2i_20120308025217767 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\SnameMenu folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session\GIF folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\session folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeIEToolbar_Cache folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\__SkypeDialog_Cache folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\TCCC49KQ folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\HDYRBDJ1 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FDLPMRC8 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\5WI1LTWR folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Temporary Internet Files folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\hsperfdata_Rappold folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\History\History.IE5 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\History folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Google Toolbar folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Cookies folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Adobe\Acrobat folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low\Adobe folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\IXP251.TMP folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\ImageDebug folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\hsperfdata_Rappold folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\25732 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\25545 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\23303 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\17400 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\14907 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate\14774 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HpUpdate folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HPSUCYHH.4Y9 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\HPDiagnosticAlert folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\History\History.IE5 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\History folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Google Toolbar folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Excel8.0 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\E805.dir folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\DPE folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\xpi folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\searchplugin folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\modules folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\searchplugin folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\lib folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\defaults folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\components folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb\chrome folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\dvdvideosofttb_tb folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\defaults folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\searchplugin folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\META-INF folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\lib folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\DualPackage folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\defaults folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\components folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine\chrome folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\conduitengine folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\components folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050\chrome folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CT2269050 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\CRX_75DAF8CB7768 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Cookies folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\comtypes_cache\Dropbox-25 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\comtypes_cache folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic\xp64 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic\xp folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic\vista64 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic\nt folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic\2k folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043\basic folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AVSETUP_49e6d043 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AskSearch folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\APNScripts folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\APNLogs folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\APN-Stub folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\AntiPhishing folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\A1 Servicecenter folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS4FE6 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS3F4E folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\util\ccc folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\util folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\setup\solutioncenter folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\setup\hpproductassistant folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\setup\gpbaseservice2 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\setup\flashplayer10 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\setup folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\msvc folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\licensing\Partners folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\licensing\OpenSource folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60\licensing folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\7zS0F60 folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\74B.dir folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp\1C1A.dir folder moved successfully.
C:\Users\Rappold\AppData\Local\Temp folder moved successfully.
File\Folder C:\autoexec.bat -- [ NTFS ] not found.
File\Folder K:\LaunchU3.exe -a not found.
File\Folder J:\setup.exe not found.
File\Folder J:\LaunchU3.exe -a not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Rappold\Desktop\cmd.bat deleted successfully.
C:\Users\Rappold\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rappold
->Temp folder emptied: 38602229 bytes
->Temporary Internet Files folder emptied: 465846440 bytes
->Java cache emptied: 13023269 bytes
->FireFox cache emptied: 122548859 bytes
->Google Chrome cache emptied: 458627571 bytes
->Apple Safari cache emptied: 20822016 bytes
->Flash cache emptied: 238416 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 348541275 bytes
RecycleBin emptied: 10508425381 bytes
 
Total Files Cleaned = 11.422,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rappold
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Rappold
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07292012_153519

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Mfg PagOcv
__________________

Alt 29.07.2012, 15:58   #4
t'john
/// Helfer-Team
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.07.2012, 21:50   #5
PagOcv
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Der Rechner läuft wieder wie gewohnt

Vielen Dank nochmal und ich poste dir nochmals die neuesten logs von Malware bzw. Adw-Cleaner.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rappold :: RAPPOLD-PC [Administrator]

Schutz: Aktiviert

29.07.2012 18:44:06
mbam-log-2012-07-29 (21-36-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 401944
Laufzeit: 2 Stunde(n), 38 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\_OTL\MovedFiles\07292012_153519\C_Users\Rappold\AppData\Local\Temp\rgnygtgcuex.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07292012_153519\C_Users\Rappold\AppData\Local\Temp\npkglqqllbg.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07292012_153519\C_Users\Rappold\AppData\Local\Temp\goempthnhvhggp.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07292012_153519\C_Users\Rappold\AppData\Local\Temp\kptufvtqtdyevqli.exe (Trojan.Agent.3D) -> Keine Aktion durchgeführt.

(Ende)
         

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 21:43:18
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Rappold - RAPPOLD-PC
# Running from : C:\Users\Rappold\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Rappold\AppData\Local\Conduit
Folder Found : C:\Users\Rappold\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Rappold\AppData\LocalLow\Conduit
Folder Found : C:\Users\Rappold\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Rappold\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Rappold\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Rappold\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\Conduit
Folder Found : C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\ConduitEngine
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

-\\ Mozilla Firefox v3.5.15 (de)

Profile name : default 
File : C:\Users\Rappold\AppData\Roaming\Mozilla\Firefox\Profiles\6rz0ztvy.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "23-7-2012");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Jul 22 2012 10:55:33 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Sat Feb 26 2011 12:30:28 GMT+0100");
Found : user_pref("CT2269050.FirstServerDate", "25-2-2011");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Fri Feb 25 2011 19:23:32 GMT+0100");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Tue Jul 24 2012 18:13:54 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Feb 26 2011 09:00:13 GMT+0100");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Tue Jul 24 2012 18:13:54 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Fri Feb 25 2011 19:23:34 GMT+0100");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Tue Jul 24 2012 18:13:53 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Tue Jul 24 2012 18:13:53 GMT+0200");
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Tue Jul 24 2012 18:13:52 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Feb 25 2011 19:23:30 GMT+0100");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN05717810944743362");
Found : user_pref("CT2269050.ValidationData_Toolbar", 0);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Sat Feb 26 2011 12:20:29 GMT+0100");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Tue Jul 24 2012 18:13:54 GMT+0200");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 28 2012 14:03:23 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 24 2012 19:13:56 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 24 2012 18:13:47 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "aa13ff6d-18d9-4499-9097-a0f40216e765");
Found : user_pref("CommunityToolbar.globalUserId", "2b4c9378-4e63-4b14-9454-d81ee00704b7");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jul 19 2012 07:22:58 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jul 22 2012 10:55:34 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "04/11/2011 13");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Thu Apr 14 2011 12:26:53 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jul 24 2012 18:13:50 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jul 24 2012 18:13:49 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jul 24 2012 18:13:50 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN65727272573717313");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jul 24 2012 18:13:49 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jul 24 2012 18:13:50 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Found : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Found : user_pref("extensions.asktb.cbid", "J7");
Found : user_pref("extensions.asktb.config-updated", true);
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.displaybehavior", "");
Found : user_pref("extensions.asktb.displaytext", "");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "2119DF8F-4178-4B63-8D02-D4D8B42844D0");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "su");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1343053983460");
Found : user_pref("extensions.asktb.last-search-timestamp", "1305553315817");
Found : user_pref("extensions.asktb.last-v", "3.12.2.100006");
Found : user_pref("extensions.asktb.locale", "de_US");
Found : user_pref("extensions.asktb.lstation", "");
Found : user_pref("extensions.asktb.news-native-on", true);
Found : user_pref("extensions.asktb.o", "14979");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.pstate", "");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "8");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-history-queries", "x.at||mature free sex movie");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "5000");
Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "10.01.2012 09:40:28");
Found : user_pref("extensions.asktb.v", "3.14.1.100013");
Found : user_pref("extensions.asktb.version", "5.14.1.20007");
Found : user_pref("extensions.asktb.volume", "");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Rappold\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20860 octets] - [29/07/2012 21:43:18]

########## EOF - C:\AdwCleaner[R1].txt - [20989 octets] ##########
         
Lg PagOcv


Alt 29.07.2012, 21:57   #6
t'john
/// Helfer-Team
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> Polizei EInheit 5.2

Alt 14.08.2012, 06:09   #7
t'john
/// Helfer-Team
 
Polizei EInheit 5.2 - Standard

Polizei EInheit 5.2



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Polizei EInheit 5.2
32 bit, antivirus, avira, bho, bonjour, computer, conduit, converter, cubase, desktop, error, excel, failed, firefox, flash player, helper, home, iexplore.exe, install.exe, intranet, logfile, malware, microsoft office 2003, mp3, polizei warnung, recycle.bin, registry, scan, searchscopes, security, software, super, svchost.exe, trojaner-board, virus, vista



Ähnliche Themen: Polizei EInheit 5.2


  1. Polizei Einheit 5.2 Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (4)
  2. POLIZEI Computerkriminalität des criminal intelligence Service Einheit 5.2
    Log-Analyse und Auswertung - 26.09.2012 (2)
  3. Computerkriminalität des CIS Einheit 5.2
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (9)
  4. Polizei Einheit 5.2 Computer gesperrt wg. Kinderpornografie, Terrorismus, etc.
    Log-Analyse und Auswertung - 04.09.2012 (18)
  5. Polizei Einheit 5.2 Trojaner sperrt Computer
    Log-Analyse und Auswertung - 04.09.2012 (5)
  6. POLIZEI Einheit 5.2 - Virus ....HILFE!
    Log-Analyse und Auswertung - 16.08.2012 (9)
  7. Windows 7 Polizei Einheit 5.2
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (16)
  8. Polizei Einheit 5.2 Virus Österreich
    Log-Analyse und Auswertung - 07.08.2012 (6)
  9. Polizei Einheit 5.2 Virus Österreich Virus
    Log-Analyse und Auswertung - 05.08.2012 (14)
  10. "Polizei Einheit 5.2" Trojaner
    Log-Analyse und Auswertung - 30.07.2012 (2)
  11. Bin Opfer von "Polizei einheit 5.2" Trojaner
    Log-Analyse und Auswertung - 28.07.2012 (23)
  12. Virus: Einheit 5.2 Polizei BPD 100€
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (6)
  13. Polizei Trojaner Einheit 5.2 (Österrech)
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (8)
  14. Polizei, Einheit 5.2
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (1)
  15. Polizei Virus Einheit 5.2 Österreich - Windows funktioniert sonst noch
    Log-Analyse und Auswertung - 09.07.2012 (1)
  16. Virus: Einheit 5.2 Polizei BPD 100€
    Log-Analyse und Auswertung - 02.04.2012 (1)

Zum Thema Polizei EInheit 5.2 - Hallo Leute, ich bin auch neu hier und wie so einige andere hat auch mich die "Polizei Einheit 5.2..." heimgesucht und meinen Computer lahm gelegt. Habe mir bisher einiges zu - Polizei EInheit 5.2...
Archiv
Du betrachtest: Polizei EInheit 5.2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.