Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Computer gesperrt (https://www.trojaner-board.de/123204-gvu-computer-gesperrt.html)

DIGE 31.08.2012 20:08
GVU Computer gesperrt
 
Hallo habe mir den GVU "Computer gesperrt" Virus eingefangen.
In den Hilfen steht immer eine Systemwiederherstellung machen.
Ich komme aber nicht zur EIngabeaufforderung um eine Systemwiederherstllung zu starten.
Zudem ist mein CD Laufwerk defekt, so dass meine BOOT-CD von Paragon (habe vor 3 Tagen ein Backup erstellt, nicht startet.
Was kann ich tun?
Habe sehr wertvolle Daten auf dem PC
Mein Betriebssystem ist VISTA

t'john 01.09.2012 02:46
:hallo:

Falls abgesicherter Modus (mit Netzwerktreibern) nicht geht

Von einem sauberen PC OTL.exe runterladen auf USB Stick.
Infizierten Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen.

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

DIGE 01.09.2012 06:16
Irgendwie (keine Ahnung wie) ist es mir gelungen den PC im abgesicherten Modus zu starten und eine Systemwiederherstullung durchzuführen. PC scheint nun wieder zu funktionieren...

Hallo t`john

Danke für deine schnelle Reaktion.
Hier sind die zwei Dateien (hoffe ich habe es richtig gemacht...)

Bin in diesen Sachen sehr unerfahren, bitte höflich um eine verständliche Antwort, was nun zu tun ist.

(P.S. Habe es geschafft, meinen PC in eine frühere Systemwiederherstellung zu bringen und habe den ganzen Tag keine Unauffälligkeit mehr bemerkt)OTL Logfile:
Code:
OTL logfile created on: 01.09.2012 18:54:43 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Egid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 51,81% Memory free
6,71 Gb Paging File | 5,09 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 462,64 Gb Total Space | 163,85 Gb Free Space | 35,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 1,85 Gb Free Space | 9,27% Space Free | Partition Type: FAT32
Drive E: | 448,87 Gb Total Space | 235,40 Gb Free Space | 52,44% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 93,45 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive N: | 1863,01 Gb Total Space | 565,66 Gb Free Space | 30,36% Space Free | Partition Type: NTFS
 
Computer Name: EGID-PC0509 | User Name: Egid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Egid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files\Microsoft Office 2007\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office 2007\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Samsung\FW LiveUpdate\FWManager.exe ( )
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe (Paragon Software Group)
PRC - C:\Program Files\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe (Paragon Software Group)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe ()
PRC - C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe (SANYO Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files\Samsung\FW LiveUpdate\LiveUpdate.dat ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office 2007\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
MOD - C:\Program Files\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\TechniSat DVB\bin\libbz2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Guard.Mail.ru) -- C:\Program Files\Guard-ICQ\GuardICQ.exe ()
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Disk Utility Dienst) -- C:\Program Files\Paragon Software\Backup and Recovery 10 Suite\program\dbhservice.exe (Paragon Software Group)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (RalinkRegistryWriter) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Egid\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\HomeCinema\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DiskSec) -- C:\Windows\System32\drivers\disksec.sys (MAGIX)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (SKYNETU2) -- C:\Windows\System32\drivers\SkyNETU2.sys (TechniSat Digital, S.A.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=130812_ffmnt_3312_8&babsrc=SP_ss&mntrId=cedae390000000000000000777640932
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{7BB23F66-02EA-4D8D-A639-6576F3806E4C}: "URL" = hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&p={searchTerms}
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.schule-rieden.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=cedae390000000000000000777640932&tlver=1.6.4.6&instlRef=sst&babTrack&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI69DF~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI69DF~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 17:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 17:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.12.11 10:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 21:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 23:58:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 21:26:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 23:58:55 | 000,000,000 | ---D | M]
 
[2009.12.05 13:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egid\AppData\Roaming\mozilla\Extensions
[2009.09.04 17:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egid\AppData\Roaming\mozilla\Extensions\sz@mast.er
[2012.08.31 21:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions
[2010.04.27 14:35:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.25 21:04:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.02 23:40:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 10:04:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.26 14:34:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com
[2012.08.15 23:40:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com
[2012.09.01 15:21:13 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-1.xml
[2012.03.27 12:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-2.xml
[2012.03.30 15:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-3.xml
[2012.05.05 09:59:04 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-4.xml
[2012.07.03 12:22:54 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-5.xml
[2012.07.24 17:24:40 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-6.xml
[2012.07.31 19:38:13 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-7.xml
[2012.08.31 12:18:39 | 000,000,950 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin-8.xml
[2012.03.18 11:14:58 | 000,001,056 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\searchplugins\icqplugin.xml
[2012.03.19 17:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.20 12:52:49 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\EGID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VMWCRU4G.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.07.19 17:31:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 22:41:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.15 23:39:11 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 09:40:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 22:41:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.11 10:20:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.25 22:41:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 22:41:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 22:41:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2007\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\Backup and Recovery 10 Suite\program\dbhagent.exe (Paragon Software Group)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [fsm]  File not found
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office 2007\Office14\MSOSYNC.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Egid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office 2007\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/Egid/Desktop/components/A9.ocx (A9Helper.A9)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5C3694-D3A9-46BF-BE77-7BD029D19A78}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{560BD452-69EC-4EDB-A29A-717196D72941}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A1B7779-C1A6-4BD4-B61E-F88EEC3175B6}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Egid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Egid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.31 18:47:05 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.08.16 03:19:41 | 000,000,000 | RH-D | M] - N:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk N:\
O33 - MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe 1302-II-2012.pdf
O33 - MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\Shell\AutoRun\command - "" = M:\Startme.exe
O33 - MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\Shell - "" = AutoRun
O33 - MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 18:52:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Egid\Desktop\OTL.exe
[2012.08.31 21:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.31 21:43:53 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.08.31 21:43:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.31 21:43:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.08.31 21:43:37 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.08.31 11:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012.08.28 11:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.08.15 23:38:57 | 000,000,000 | ---D | C] -- C:\Users\Egid\AppData\Roaming\Babylon
[2012.08.15 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.15 23:38:55 | 000,000,000 | ---D | C] -- C:\Users\Egid\AppData\Roaming\YourFileDownloader
[2012.08.15 23:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2012.08.15 21:43:27 | 000,000,000 | ---D | C] -- C:\Users\Egid\AppData\Local\Pop Art Studio 6.2
[2012.08.15 21:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Pop Art Studio 6.2
[2012.08.15 13:35:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 13:35:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 13:35:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 13:34:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 13:34:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 13:34:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 13:34:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 13:34:52 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.10 11:37:42 | 000,000,000 | ---D | C] -- C:\Users\Egid\AppData\Local\LooksBuilder
[2012.03.13 16:13:18 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Egid\AppData\Roaming\tsdnwin.dll
[2009.06.01 15:37:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Egid\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 19:02:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.01 18:52:32 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Egid\Desktop\OTL.exe
[2012.09.01 18:48:27 | 000,002,701 | ---- | M] () -- C:\Users\Egid\Desktop\Microsoft Outlook 2010.lnk
[2012.09.01 18:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 17:16:25 | 000,000,336 | -H-- | M] () -- C:\Windows\tasks\DBH.C92D5951-5D12-4f6a-9D08-7D54596BD0C0.main.job
[2012.09.01 17:06:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 17:06:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 15:11:57 | 000,647,408 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.01 15:11:57 | 000,603,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.01 15:11:57 | 000,132,224 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.01 15:11:57 | 000,109,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.01 15:07:37 | 000,000,464 | ---- | M] () -- C:\Users\Egid\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2012.09.01 15:06:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.01 15:06:45 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2012.09.01 15:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 15:06:36 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.01 11:10:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.31 23:12:57 | 000,148,992 | ---- | M] () -- C:\Users\Egid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.31 21:43:29 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.08.31 21:43:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.08.31 21:43:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.08.31 21:43:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.08.31 21:43:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.08.31 21:43:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.08.31 21:16:42 | 000,001,356 | ---- | M] () -- C:\Users\Egid\AppData\Local\d3d9caps.dat
[2012.08.31 20:35:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.29 16:38:58 | 000,000,068 | -H-- | M] () -- C:\Users\Egid\Documents\PP11Thumbs.ptn2
[2012.08.25 14:27:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.20 23:05:00 | 005,008,141 | ---- | M] () -- C:\Users\Egid\Desktop\gang_1.JPG
[2012.08.20 23:05:00 | 005,005,869 | ---- | M] () -- C:\Users\Egid\Desktop\aula_1.JPG
[2012.08.20 23:05:00 | 004,982,682 | ---- | M] () -- C:\Users\Egid\Desktop\gang_2.JPG
[2012.08.20 19:36:22 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.08.15 23:39:28 | 000,000,317 | ---- | M] () -- C:\user.js
[2012.08.15 21:40:34 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Pop Art Studio 6.2.lnk
[2012.08.15 19:20:50 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 19:20:50 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.15 18:35:41 | 000,903,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.10 12:13:16 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.31 21:28:19 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.31 19:53:04 | 083,023,306 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.20 23:05:00 | 005,008,141 | ---- | C] () -- C:\Users\Egid\Desktop\gang_1.JPG
[2012.08.20 23:05:00 | 005,005,869 | ---- | C] () -- C:\Users\Egid\Desktop\aula_1.JPG
[2012.08.20 23:05:00 | 004,982,682 | ---- | C] () -- C:\Users\Egid\Desktop\gang_2.JPG
[2012.08.15 23:39:27 | 000,000,317 | ---- | C] () -- C:\user.js
[2012.08.15 21:40:34 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Pop Art Studio 6.2.lnk
[2012.08.15 21:40:34 | 000,002,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pop Art Studio 6.2.lnk
[2012.03.13 15:56:30 | 000,000,464 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2012.03.11 17:21:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.01 22:20:46 | 000,001,536 | -HS- | C] () -- C:\Users\Egid\PPMetaData.bin
[2012.03.01 18:46:11 | 000,000,816 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.03.01 18:46:11 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.03.01 18:42:11 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.03.01 18:42:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.03.01 18:42:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012.03.01 18:42:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012.03.01 18:42:01 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012.01.18 20:02:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.05 16:54:11 | 000,060,304 | ---- | C] () -- C:\Users\Egid\g2mdlhlpx.exe
[2011.08.20 01:27:04 | 000,000,000 | ---- | C] () -- C:\Users\Egid\AppData\Local\{24537E77-A71A-4935-BDD1-D5D2E97AEF42}
[2011.08.20 01:25:05 | 000,000,000 | ---- | C] () -- C:\Users\Egid\AppData\Local\{4B136CBF-AD25-44AC-8FD6-D1B26BF30602}
[2011.08.03 13:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
[2011.07.30 16:56:12 | 000,407,103 | ---- | C] () -- C:\Users\Egid\DSC00035.jpg
[2011.07.19 16:15:57 | 046,116,864 | ---- | C] () -- C:\Users\Egid\GOND - 02.mpg
[2011.07.04 17:35:14 | 000,280,397 | ---- | C] () -- C:\Users\Egid\COrniKalender.cpr
[2011.06.22 18:50:46 | 000,000,000 | ---- | C] () -- C:\Users\Egid\AppData\Local\{44C6D06C-B400-416F-82B7-2EB5EE31E224}
[2011.06.22 18:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Egid\AppData\Local\{8355DBDF-78FA-49CD-8774-0A4F942214DE}
[2011.06.04 01:39:14 | 000,160,379 | ---- | C] () -- C:\Windows\Sqirlz Morph Uninstaller.exe
[2011.04.23 10:34:18 | 000,077,166 | ---- | C] () -- C:\Users\Egid\DesktopMonsterMash5.JPG
[2011.02.05 16:54:56 | 000,038,425 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.11.15 19:59:56 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2010.08.04 10:28:34 | 000,001,356 | ---- | C] () -- C:\Users\Egid\AppData\Local\d3d9caps.dat
[2010.02.19 11:20:39 | 000,000,909 | ---- | C] () -- C:\Users\Egid\eve2.ini
[2009.08.07 17:28:45 | 000,000,801 | ---- | C] () -- C:\Users\Egid\AppData\Local\RT2870_{560BD452-69EC-4EDB-A29A-717196D72941}_prof
[2009.07.08 20:22:46 | 000,027,043 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\UserTile.png
[2009.06.23 16:34:58 | 000,033,017 | ---- | C] () -- C:\Users\Egid\jap.conf
[2009.06.05 15:45:13 | 000,000,976 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\wklnhst.dat
[2009.06.01 15:37:18 | 000,087,608 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\inst.exe
[2009.06.01 15:37:18 | 000,007,887 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\pcouffin.cat
[2009.06.01 15:37:18 | 000,001,144 | ---- | C] () -- C:\Users\Egid\AppData\Roaming\pcouffin.inf
[2009.05.27 12:47:51 | 000,148,992 | ---- | C] () -- C:\Users\Egid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 01.09.2012 18:54:43 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Egid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 51,81% Memory free
6,71 Gb Paging File | 5,09 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 462,64 Gb Total Space | 163,85 Gb Free Space | 35,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 1,85 Gb Free Space | 9,27% Space Free | Partition Type: FAT32
Drive E: | 448,87 Gb Total Space | 235,40 Gb Free Space | 52,44% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 93,45 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Drive N: | 1863,01 Gb Total Space | 565,66 Gb Free Space | 30,36% Space Free | Partition Type: NTFS
 
Computer Name: EGID-PC0509 | User Name: Egid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2007\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2007\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC8807-95CA-4FAF-A9A2-C9E25666D59A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office14\outlook.exe |
"{042FB088-06B4-48C0-8B0F-A70BC071975F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{08770AA8-38BD-4D5A-830C-BDB2A56BD62A}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{0CFCF193-F04F-4B37-BF7A-65E59FF45106}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0DAA3D22-CDBA-4888-8208-401082516196}" = rport=137 | protocol=17 | dir=out | app=system |
"{15C78C88-E310-4F83-B575-003354F314E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F3F9385-C11C-4FF7-9BD5-6CDDF5796593}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1FAE400C-F83B-4E94-84FF-67E8736AE13D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2512B013-D717-4833-8288-A791B9EE5010}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{296DF532-6401-45CE-B25C-34B93A2BE082}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2BE4D513-223F-4608-8771-AF75E92311F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E655BED-420F-4754-A694-348257E59964}" = lport=5357 | protocol=6 | dir=in | app=system |
"{317871A6-FD59-4624-AB4B-1B55B1F2F3CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{32441F37-050E-45EC-ACC0-4361ADB10562}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{367AB72E-82F4-4C79-8FD8-EE0323B5265B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3B8FEF5B-9986-47B9-A145-CD254F9A8EB9}" = rport=5357 | protocol=6 | dir=out | app=system |
"{4F216140-07F5-4235-96D5-FEEAC276F30B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4FFC586E-3D50-4DDD-BB57-1ED45F31486F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{543E9D1B-FFD6-4729-8320-2082C5C800EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56696065-60CE-4100-BBC1-68EBE5C1C3B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{59244433-ABD0-4549-8394-E9490AD3788B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{6CFC2EA9-734F-4B37-BCFD-86D725B39A8F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{73247DFD-F161-4782-87F7-FA68B2624306}" = rport=5358 | protocol=6 | dir=out | app=system |
"{75A808AF-5DC3-4FE7-98A6-DE1F7AB192FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81CCE84F-4D83-41A3-B148-9A3FFA87B9C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82DB4B2A-3EDE-4DD4-BA96-12C9C07C4316}" = rport=139 | protocol=6 | dir=out | app=system |
"{85088707-DD0E-435F-9BCF-16D7497DC9E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85FADAEA-5A46-4C1B-84A7-B6AB0A86DF26}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8B6963DD-F188-4C3B-A978-AE7A1369BFEF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8C2D2959-8D83-4090-8685-AE862D1DF0EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{940D77A9-ADAC-4A00-BBE6-090B71B8971E}" = lport=138 | protocol=17 | dir=in | app=system |
"{978745AA-9C9A-4789-9B9C-1404542673B4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9B9787BD-594C-4372-8B18-97DE94FB45A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FC0399B-88EF-4D7E-9EF2-96D06D3F52DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3BCFB50-F896-4120-B765-33A401EBB32F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AAADA4DD-E54C-4EA9-A186-397FEFB8B16E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{AB8F899D-450B-42DF-A34A-28E3B88E54C1}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B1890496-781F-40CF-B399-1295DA48BCCA}" = lport=445 | protocol=6 | dir=in | app=system |
"{B3C9AE64-D71C-43C7-9F58-7A140A8DCFE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4914F46-90C1-4263-B4F8-BAA163561617}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{B7B95D8F-A7D7-49EF-9292-6913B161AD51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC6EFF68-2AB0-4273-A3D5-688E94A32AB3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BC73157C-03AF-4BF1-8DD7-497D02046226}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{C3927D80-FFD0-4A87-B705-DF4EEED25D90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6134382-1309-4CC9-B8BC-8F01B0BD52A5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D08C7945-325D-43A5-9DF9-087A2DC56048}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D2DD9EF9-1F4B-4D02-8C97-4DDF32C2C79C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D95735FC-5198-4536-874D-F3C3C5403EF8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{D9BC79EE-5EA0-4007-AA4C-D7BFFFA0AB15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{D9CBDF6F-15D5-4B53-BAE2-711C6C100E91}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{DBD6E789-BF12-43A7-A0A6-F3D357EBAC1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E395534D-8565-4565-B55D-06655971EC75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E439110F-B254-45BF-AD0E-84213B13D128}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{E580841E-5CA1-47F4-9AD3-8CD23AD77966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EDBDE5D3-35B6-4513-BEEF-17FB7B0AFA2E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{F4BC5A67-F358-4F36-B36D-A9F65338D78F}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{F98A99BF-0880-41D4-9BFB-1776BCA39A3F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D60D05-EBAB-4A15-A5A3-069CC86F2092}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{071DE1CA-B5F9-45B1-AD02-3D74EB07B49B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{0765B742-55A1-4E70-882D-D34D00A280C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0799E2D1-6549-42E5-A9A3-20C317C240C0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B00ACF0-57AC-47F5-8A90-1FD09AA5A469}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0F10AEFD-0C26-4D6A-9035-AD254F4A69AA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{157F3C4D-CCAB-4B9B-B34B-A2B384C01F9D}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{191547AD-2F3E-43A6-8EB0-0C3EF9FD48F7}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{196FD7E4-1C87-477B-9DAB-1FD6EAD5B48D}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{23148D76-5BB3-442B-863F-91F0560D65CD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{275C990C-2946-4E71-AC14-994E00FB77F8}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{2B79B2F7-370A-4A02-9281-BFA647701B82}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{2E97A291-8D1E-499F-9681-11E0EADE1AC4}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{31A7D2A7-BF4D-490F-B48E-E3F0BBE351C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{337F9517-FD46-4514-8438-A4DD573FF238}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{34BB2BAE-4BC7-4CAC-BB3A-CF442EBB70DB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36D4DAE7-FD56-4F82-80D6-71F8A139D5E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{378EAF9E-E148-4EC2-B40F-2292D38C90E8}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{38EC47D9-7D59-46D3-89C2-3D115F380804}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A67C064-6210-4DBD-8205-053F04F8DEF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2007\office14\onenote.exe |
"{3AC3B890-C269-4834-8AD0-2F3999DB0D5A}" = protocol=6 | dir=in | app=c:\users\egid\appdata\local\temp\{b121714a-cb14-4518-8288-872148dff06c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{3D8FCD8E-4D5E-41AA-91C8-0F01C6288C45}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3FF31D11-2763-42D5-A306-94BBFEF9F6CC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{425BB387-D53C-4895-BEB2-5A58E6695377}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{44E3F3DA-D2F3-46F4-954A-4CD56F505E7E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{493B1211-FC9A-42CA-BAC8-0F2C4A8454BE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49A1F62C-5993-4B52-BE28-CB8A90AA6CD8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{502E3F26-A00C-489F-A176-3BED23D3D66C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{5880CA80-7F3F-4810-9C17-24BC5119CA2B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"{5922012F-606C-4CC0-9B60-31B80FC49AD1}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{597D03B1-3876-4222-B0E1-408A84B84F1C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{5B46585A-C0E7-4CCB-82FE-0B402D6E2D8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5E3EE684-E60F-4A6E-8E76-1FDBFB4506F8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5FC076B6-1988-493D-844D-C7A47E66BAD1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{603DA18F-01DB-46A2-BCAE-E1A0DC79FEC4}" = protocol=17 | dir=in | app=c:\users\egid\appdata\local\temp\{b121714a-cb14-4518-8288-872148dff06c}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{61230D2A-7ED3-4140-A595-45B892792E72}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{6CA20E6B-AC06-4C76-AFB8-E42E98FBCD65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6F58F852-0EBD-461A-96B7-F15BA69C7B64}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74BDCDFD-4E32-4C73-BBE7-FE171660CB0B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{74C31217-AEA6-4C6A-9155-2969F81D5D8E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{75A692F1-6A28-40FA-B8B6-5F6DB408A5ED}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{7A12AA9B-95CE-4EB4-9B79-85B8A77362D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B6E2F98-207E-41C4-B621-783CFADD9EB1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D8EFDC4-68D1-465D-8738-FC89DAAB1AB6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{805D2BE8-6B70-4F2C-8EBB-2DE85AC08D78}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{844444AA-08CA-4B8C-83A7-3777436AB560}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{847DA146-EDA5-4354-B995-CC6E4F56475C}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{8C3B0297-AF48-48E6-887C-83812543E26C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{8E863BF9-F7A4-4063-B36D-027BE5D3907B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{911C15CC-FEC8-42B6-8BDB-367CAF2D5EB9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94CA47A8-9A41-4E41-BDC1-8E39C529C518}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{9EA3979B-69C8-4982-B550-035AFFE9F8A0}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A61AA807-6A45-4265-837B-E8C7C7F18BB3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A9224B03-C6FE-435F-B6C5-3F13978869E3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{AE998515-806E-482E-9145-C388F566331F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AF001D10-8BD2-45C0-9451-7734953D3F19}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{AF1CC9B9-9353-4E82-A750-A349DCB5E556}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{AF27D8BA-FE72-4DDE-95AF-59CDD64EA7BD}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{B4637204-2552-493B-95B4-F533B43CA3AD}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{B9A4CFCB-CBEF-48FE-8D9D-3FE153A28E0F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BDA30BF2-C41B-43AB-98ED-F5E0CEBCFB9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BDA3DB0D-06AC-4CF1-91B7-844558FAD586}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe |
"{C6A32003-0499-4471-B338-349E4D430582}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{C6CD18E8-773D-44A4-8B11-7D00E05AC930}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{C91BDFA9-B17F-4E8A-B531-BDFDDA2D1592}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA4391D3-B733-4898-AC58-AE726DED34B2}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{CAE3D73F-8A37-4AC9-B875-2BBA95FDA8F6}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{CF15653E-78A4-4F27-994D-3AC461E0547E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D1D4AC82-5FEC-4104-9F12-E7D0C7F41866}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2007\office14\onenote.exe |
"{D3696A30-A31A-4AC9-B176-BC1E1AFB5543}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{D58C25CC-E8A6-46CB-93D2-9D1843516B9F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DA579214-1BEB-4EF0-AFDC-BCD9916A2ABD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB4DD889-9965-4145-8D46-DC4B67C83FEC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe |
"{E12C8ED5-276E-4658-AA47-75B4AFCEE5F9}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{E4B11751-2DC1-4379-81B9-0040FA1E5D26}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{EA9F67EB-C877-47CB-8EA5-D43896B887E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAB47393-7450-41F2-9433-1C8DB39A14BE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{EBF5BABA-EFAE-48D9-8683-156691D8ACB7}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe |
"{EC3F2042-271B-494D-B66E-59E2D16C405F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EDCE2816-25CD-4386-BB32-92ACDFCC221F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F2EC6BB6-1260-4E2C-90FA-E3EBB2AB3D1F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F47DDFCF-2ECC-445B-9904-F1D9981CD181}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{F907EA9D-0678-4A37-B120-32190D039CB7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F9666C09-38DB-4643-97C7-37D953B555B3}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{FB3F7550-A9D1-4659-A078-4E66DEA7506F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FEF4C7FC-B5F5-4850-A512-D7E0DC7B2E70}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"TCP Query User{0102BB09-C6A3-4888-A469-C845E1088414}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{2B5AA364-6D88-47C6-8327-7E730763D8C5}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{3AA25234-4AF8-4815-A23D-3B63A0277CC9}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{6E3547E7-1DE6-4A06-BFA0-B53CAC49D69C}C:\program files\dvbviewerte\skystarir.exe" = protocol=6 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe |
"TCP Query User{7579038F-FC85-4647-BF45-D5620F9CC430}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{81D8FE82-D890-43D1-85F0-9DE7BBF35AFD}C:\program files\zattoo\zattoo2.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
"TCP Query User{9C8FFAA6-2775-489D-9971-694DB02D4D67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A534C6D8-22EA-4669-BD57-53200A5010A1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{D75CCB1C-68F8-45E5-94C8-013A224BC89D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EB6A0498-A645-451C-A697-1564E38FD538}C:\users\egid\temp\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\egid\temp\teamviewer3\teamviewer.exe |
"TCP Query User{F931BDD9-5EA8-485F-88AD-F3375A8A3A91}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"UDP Query User{17EB1DDE-34DF-42D0-A02E-D3F53B22CBEA}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{18137B51-0302-490F-ACF1-B8F76AA5B634}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1C757139-9718-460C-8949-229364D06AA7}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{21A3AC4B-437B-41E1-B913-33C7E9CEE352}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4257B3F6-9783-4C3F-B4AC-E5553F9DC020}C:\users\egid\temp\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\egid\temp\teamviewer3\teamviewer.exe |
"UDP Query User{426B51CF-B847-427C-94F1-F152EFB26E12}C:\program files\dvbviewerte\skystarir.exe" = protocol=17 | dir=in | app=c:\program files\dvbviewerte\skystarir.exe |
"UDP Query User{53957FCF-241C-4DEC-AD89-DE1360DEBA95}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AF4522CB-7AB8-4C30-B78D-AB41E6DA7CCC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{BD86568A-700A-4D4C-A996-56BBEBAB4CCD}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe |
"UDP Query User{D7F55BD8-2949-4FE4-BD85-84C38D1D177B}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{F102DFBC-4030-4C05-8059-FFCF395A1251}C:\program files\zattoo\zattoo2.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{059A00AC-1205-423C-91C7-7E6168D804DA}" = MainConcept DTV Decoder Standard
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11
"{0C63E1C5-3F20-4453-9822-83040C3AD1BD}" = Synchronizer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{134007CC-7026-46C2-B46F-40D9FD2AF385}" = Technisat DVB-VC80 Redistributable Modules
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1883A84D-94AA-432C-9519-FA31B6B118B9}" = forteManager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon Backup & Recovery™ 10 Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2E718C8B-F270-4B72-8D92-32707E232B1C}" = MAGIX Guitar Backing Maker
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{33cdd03e-1ab1-4918-9e7d-088c0387c233}" = Nero 9 Essentials
"{37327654-EBF7-410C-9161-C24D68E02753}" = Xacti Screen Capture 1.1
"{37F79692-6F8A-487E-BF5A-A1E3227D9830}" = HFX Volume 2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3ACC4600-1D54-4484-9484-AF9BD4DB262C}" = MAGIX Video deluxe MX Plus
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40B3D357-96DE-4889-A8F4-C533A39E3608}" = CrazyTalk v4.6 Messenger
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42442CA9-90E6-4011-BB55-7C263F6D5EC1}" = BIAS SoundSoap PE 2.1
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{468B359F-BAEF-466F-BB82-5EDEA1D8B2FB}" = HFX Volume 1
"{4807B2A8-B986-4059-90EF-592995FF8987}" = MAGIX Video Pro X3
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Drive Backup™ 9 Professional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{561BA752-EC65-4B50-A9C0-9C8A618B2873}" = Samplitude Music Studio MX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD4122B-DF26-4FED-9BC6-D1B355BB6804}" = Eve v2
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}" = Karte Europa
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.2 PRO
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{928F7AD1-3F55-46EB-BCAB-8FE77283705F}" = MAGIX Speed burnR (MSI)
"{943D1EE8-C9C2-47B2-847A-FDF64C80CDE7}" = Xara Designer Pro 7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE67144-F235-4FAB-8E0E-1C04D724B2CE}" = Studio Premium Pack 1
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC64C316-5914-4741-84C4-CC4A2729544D}" = Digieffects Phenomena Particle Effects
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AE8CD487-C865-433E-A8CF-6FA7961E690F}" = MAGIX Screenshare
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (for MAGIX)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.0
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C772B18A-FA66-481A-B546-62550C106467}" = Pop Art Studio 6.2
"{C9A19950-2341-4BA8-8CBD-E9DBF097D638}" = MAGIX Slideshow Maker 2
"{CA9B76C4-4E1F-4946-80B1-9E5E8886D7AE}" = Studio Premium Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7F96308-7721-4D4F-B3EB-E3623CB9FF36}" = MAGIX Video Pro X4
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F155045F-ED68-473B-822C-8EDE83BA9626}" = ArcSoft Panorama Maker 4
"{F1EDF79D-5F1E-4E49-9E01-4C2EE56C24BA}" = Marco Polo Mobile Navigator 3
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"99_is1" = Jawbreaker
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlbumShaper_2.1" = Album Shaper 2.1
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.9
"AlphaMagic Gradients for Hollywood FX PRO" = AlphaMagic Gradients for Hollywood FX PRO
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Bayerische Druckschriften_is1" = Bayerische Druckschriften (2.0)
"Cartoonist_is1" = Cartoonist 1.3
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.02.12
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVBViewer_is1" = DVBViewer Technisat Edition
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"facemoods" = Facemoods Toolbar
"FairStars Audio Converter_is1" = FairStars Audio Converter 1.46
"FastStone Capture" = FastStone Capture 5.3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.0
"FRITZ! 2.0" = AVM FRITZ!
"Google Updater" = Google Updater
"GreenBox_is1" = GreenBox 1.0
"Guard.Mail.ru" = Guard.ICQ
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"Indeo® Software" = Indeo® Software
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5BD4122B-DF26-4FED-9BC6-D1B355BB6804}" = Eve v2
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JAP" = JAP
"Kartenspiele I" = Kartenspiele I
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Cleaning Lab 15 deluxe D" = MAGIX Music Cleaning Lab 15 deluxe 10.0.2.0 (D)
"MAGIX Music Maker 16 Premium D" = MAGIX Music Maker 16 Premium
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.11.687 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"MAGIX_{561BA752-EC65-4B50-A9C0-9C8A618B2873}" = Samplitude Music Studio MX
"MAGIX_{928F7AD1-3F55-46EB-BCAB-8FE77283705F}" = MAGIX Speed burnR (MSI)
"MAGIX_{943D1EE8-C9C2-47B2-847A-FDF64C80CDE7}" = Xara Designer Pro 7
"MAGIX_{AC64C316-5914-4741-84C4-CC4A2729544D}" = Digieffects Phenomena Particle Effects
"MAGIX_{AE8CD487-C865-433E-A8CF-6FA7961E690F}" = MAGIX Screenshare
"MAGIX_{D7F96308-7721-4D4F-B3EB-E3623CB9FF36}" = MAGIX Video Pro X4
"MAGIX_MSI_Guitar_Backing_Maker" = MAGIX Guitar Backing Maker
"MAGIX_MSI_Slideshow_Maker_2" = MAGIX Slideshow Maker 2
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium
"MAGIX_MSI_Videodeluxe17_pro" = MAGIX Video Pro X3
"MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus
"Mediaport" = Mediaport
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pädagogische Zeichensätze 1_is1" = Pädagogische Zeichensätze 1 (2.0)
"Pelikan KD" = Kursive Druckschrift
"Pelikan VA" = Vereinfachte Ausgangsschrift
"PerfectFTP" = PerfectFTP
"Perry Rhodan_is1" = Perry Rhodan
"Pixum EasyBook" = Pixum EasyBook
"Pixum Fotobuch" = Pixum Fotobuch
"Power Video Converter_is1" = Power Video Converter 1.5.54
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-1.0" = proDAD Mercalli 1.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"Schulschriften" = Schulschriften
"SCLS" = MSU Screen Capture Lossless Codec v1.2 (Remove Only)
"ShapeCollage" = Shape Collage
"Silben-Generator" = Silben-Generator
"Snapshot" = Snapshot (remove only)
"Software Informer_is1" = Software Informer 1.0 BETA
"Sqirlz Morph" = Sqirlz Morph
"stax-Pinnacle_is1" = SureThing Express Labeler
"Telekom TK-Soft" = Telekom TK-Soft
"Ulead iPhoto Express 1.1" = Ulead iPhoto Express 1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Vereinfachte Ausgangsschrift_is1" = Vereinfachte Ausgangsschrift (2.0)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"WaveLab" = WaveLab
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
"Zattoo" = Zattoo 3.3.3 Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"493772c2b42d22b9" = Click MusicalKEYS
"GoToMeeting" = GoToMeeting 5.1.0.880
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2012 15:16:07 | Computer Name = Egid-PC0509 | Source = EventSystem | ID = 4609
Description =
 
Error - 31.08.2012 15:16:48 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
Error - 31.08.2012 15:28:42 | Computer Name = Egid-PC0509 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 31.08.2012 15:29:40 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
Error - 31.08.2012 15:47:42 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
Error - 31.08.2012 17:32:18 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
Error - 31.08.2012 17:53:23 | Computer Name = Egid-PC0509 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FLVPlayer.exe, Version 0.0.0.0, Zeitstempel
0x48374e32, fehlerhaftes Modul FlashPlayer.3.1.1k.ocx, Version 9.0.124.0, Zeitstempel
 0x47e8643e, Ausnahmecode 0xc0000005, Fehleroffset 0x000c274c,  Prozess-ID 0x1154,
 Anwendungsstartzeit 01cd87c1caff5584.
 
Error - 01.09.2012 03:11:29 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
Error - 01.09.2012 05:08:04 | Computer Name = Egid-PC0509 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FLVPlayer.exe, Version 0.0.0.0, Zeitstempel
0x48374e32, fehlerhaftes Modul FlashPlayer.3.1.1k.ocx, Version 9.0.124.0, Zeitstempel
 0x47e8643e, Ausnahmecode 0xc0000005, Fehleroffset 0x000c274c,  Prozess-ID 0x10b0,
 Anwendungsstartzeit 01cd8820cff6fe73.
 
Error - 01.09.2012 09:07:17 | Computer Name = Egid-PC0509 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 31.08.2012 17:41:53 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.09.2012 03:11:24 | Computer Name = Egid-PC0509 | Source = DCOM | ID = 10005
Description =
 
Error - 01.09.2012 03:11:29 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.09.2012 03:11:29 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.09.2012 03:11:29 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.09.2012 09:07:17 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.09.2012 09:07:17 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.09.2012 09:07:30 | Computer Name = Egid-PC0509 | Source = DCOM | ID = 10005
Description =
 
Error - 01.09.2012 09:07:30 | Computer Name = Egid-PC0509 | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.09.2012 09:08:00 | Computer Name = Egid-PC0509 | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
 
< End of report >
--- --- ---

t'john 02.09.2012 09:35
Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL
SRV - (Guard.Mail.ru) -- C:\Program Files\Guard-ICQ\GuardICQ.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Egid\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=make&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=130812_ffmnt_3312_8&babsrc=SP_ss&mntrId=cedae390000000000000000777640932
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{7BB23F66-02EA-4D8D-A639-6576F3806E4C}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&p={searchTerms}
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.schule-rieden.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=cedae390000000000000000777640932&tlver=1.6.4.6&instlRef=sst&babTrack&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O7 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.05.31 18:47:05 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe 1302-II-2012.pdf
O33 - MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\Shell\AutoRun\command - "" = M:\Startme.exe
O33 - MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\Shell - "" = AutoRun
O33 - MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\Shell\AutoRun\command - "" = K:\AutoRun.exe
[2012.08.15 23:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.08.31 20:35:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
[2011.03.26 14:34:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com
[2012.08.15 23:40:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com

[2012.08.15 23:39:28 | 000,000,317 | ---- | M] () -- C:\user.js
[2012.08.15 23:38:57 | 000,000,000 | ---D | C] -- C:\Users\Egid\AppData\Roaming\Babylon
[2012.09.01 17:16:25 | 000,000,336 | -H-- | M] () -- C:\Windows\tasks\DBH.C92D5951-5D12-4f6a-9D08-7D54596BD0C0.main.job

:Files

C:\Users\Egid\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Egid\AppData\Local\Temp\*.exe
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

DIGE 03.09.2012 22:35
Hallo...
(Bin so dumm...;:)

Was bedeutet C in deiem und welchen Inhaltner Logfile....

DIGE

Hallo...
(Bin so dumm...;

Was bedeutet Codetags in deinem reat und welchen Inhalt einer Logfile.... (Schritt 1 unten)

DIGE

t'john 04.09.2012 18:08
zu 1. Im Datei-Explorer suchen.


zu 2. Poste ohne Tags

DIGE 04.09.2012 21:34
HIer ist die Datei von Schritt 1:



All processes killed
========== OTL ==========
Service Guard.Mail.ru stopped successfully!
Service Guard.Mail.ru deleted successfully!
C:\Program Files\Guard-ICQ\GuardICQ.exe moved successfully.
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service cpuz132 stopped successfully!
Service cpuz132 deleted successfully!
File C:\Users\Egid\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files\DVDVideoSoft\prxtbDVD0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\prxtbDVD0.dll not found.
HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7BB23F66-02EA-4D8D-A639-6576F3806E4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BB23F66-02EA-4D8D-A639-6576F3806E4C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.schule-rieden.de" removed from browser.startup.homepage
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 removed from extensions.enabledItems
Prefs.js: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=cedae390000000000000000777640932&tlver=1.6.4.6&instlRef=sst&babTrack&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\prxtbDVD0.dll not found.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files\DVDVideoSoft\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
File C:\Program Files\Guard-ICQ\GuardICQ.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2098766894-1304471659-3782201599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc4fa29-0c0c-11df-900c-000777640932}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc4fa29-0c0c-11df-900c-000777640932}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc4fa29-0c0c-11df-900c-000777640932}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2144d007-4a37-11de-9fe8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2144d007-4a37-11de-9fe8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2144d007-4a37-11de-9fe8-806e6f6e6963}\ not found.
File F:\autorun.exe 1302-II-2012.pdf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a882d31-3103-11e0-8e70-0008c9b0bd1c}\ not found.
File M:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d2c829d-3513-11e0-9d21-0008c9b0bd1c}\ not found.
File K:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3c04a3f-c91d-11de-ba83-000777640932}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3c04a3f-c91d-11de-ba83-000777640932}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3c04a3f-c91d-11de-ba83-000777640932}\ not found.
File K:\AutoRun.exe not found.
C:\ProgramData\Babylon folder moved successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\ProgramData\nud0repor.pad moved successfully.
ADS C:\ProgramData\Temp:888AFB86 deleted successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Egid\AppData\Roaming\mozilla\Firefox\Profiles\vmwcru4g.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\user.js moved successfully.
C:\Users\Egid\AppData\Roaming\Babylon folder moved successfully.
C:\Windows\Tasks\DBH.C92D5951-5D12-4f6a-9D08-7D54596BD0C0.main.job moved successfully.
========== FILES ==========
C:\Users\Egid\AppData\Local\{24537E77-A71A-4935-BDD1-D5D2E97AEF42} moved successfully.
C:\Users\Egid\AppData\Local\{44C6D06C-B400-416F-82B7-2EB5EE31E224} moved successfully.
C:\Users\Egid\AppData\Local\{4B136CBF-AD25-44AC-8FD6-D1B26BF30602} moved successfully.
C:\Users\Egid\AppData\Local\{8355DBDF-78FA-49CD-8774-0A4F942214DE} moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully.
C:\ProgramData\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\ProgramData\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC} folder moved successfully.
C:\ProgramData\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Egid\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Egid\AppData\Local\Temp\toolbar18309665.exe moved successfully.
C:\Users\Egid\AppData\Local\Temp\uninstall18909645.exe moved successfully.
C:\Users\Egid\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Egid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Egid\Desktop\cmd.bat deleted successfully.
C:\Users\Egid\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Egid
->Temp folder emptied: 31115563 bytes
->Temporary Internet Files folder emptied: 90335144 bytes
->FireFox cache emptied: 91920024 bytes
->Flash cache emptied: 542 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2037776 bytes
RecycleBin emptied: 262770264 bytes

Total Files Cleaned = 456,00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09042012_222643

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Die Resultate von Schritt 2 (Malwarebytes)


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Egid :: EGID-PC0509 [Administrator]

Schutz: Aktiviert

04.09.2012 22:44:41
mbam-log-2012-09-04 (22-44-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1027334
Laufzeit: 2 Stunde(n), 51 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\HomeCinema\MediaShow4\subsys\BigBang\Runtime\MUITransfer\MUITransfer.dll (Trojan.Hiloti.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09042012_222643\C_Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79c84c83-1daf41cd (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ergebnisse von Schritt 3 (AdwCleaner)

# AdwCleaner v2.000 - Datei am 09/05/2012 um 09:30:56 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Egid - EGID-PC0509
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Egid\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gefunden : C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gefunden : C:\Program Files\Application Updater
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\Program Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\facemoods.com
Ordner Gefunden : C:\Program Files\Free Offers from Freeze.com
Ordner Gefunden : C:\Program Files\pdfforge Toolbar
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gefunden : C:\Users\Egid\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\facemoods.com
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Egid\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\Egid\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\Conduit
Ordner Gefunden : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\ConduitEngine
Ordner Gefunden : C:\Users\Egid\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\Egid\Documents\DVDVideoSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\facemoods.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{50A52C9C-B35C-4BC6-980A-C35984BF4F9E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\DVDVideoSoft
Schlüssel Gefunden : HKLM\Software\facemoods.com
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DF42123-1872-406B-8F41-68E5CFCECD34}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC6FE59-9BFA-47BF-BE20-49C244E6A13F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FED865DF-B8BB-4741-BF86-2621E9E20644}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50A52C9C-B35C-4BC6-980A-C35984BF4F9E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\prefs.js

Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "31-7-2010");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jul 31 2010 10:11:29 GMT+0200");
Gefunden : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Wed Jul 28 2010 07:18:29 GMT+02[...]
Gefunden : user_pref("CT2269050.FirstServerDate", "21-2-2010");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2269050.InstalledDate", "Sun Feb 21 2010 18:16:43 GMT+0100");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 30 2010 13:00:53 GMT+0200");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.5.6.0", "Tue Mar 16 2010 07:37:48 GMT+0100");
Gefunden : user_pref("CT2269050.LastLogin_2.7.0.14", "Sat Jul 31 2010 10:06:31 GMT+0200");
Gefunden : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 30 2010 13:00:45 GMT+0200");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473390");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT2269050_RECENT12473390");
Gefunden : user_pref("CT2269050.RadioShrinked", "expanded");
Gefunden : user_pref("CT2269050.RadioStationName", "1.FM%20-%20Blues");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://blues.1.fm/energyblues128k");
Gefunden : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 30 2010 13:00:44 GMT+0200");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jul 31 2010 10:06:29 GMT+0200");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Jul 28 2010 07:18:28 GMT+0200");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1268576297");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2269050.UserID", "UN04851431070117773");
Gefunden : user_pref("CT2269050.ValidationData_Search", 0);
Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Sat Jul 31 2010 10:14:45 GMT+0200");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://widgets.tictacti.com/Shared/Apps/GameArcade/G[...]
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 06 2011 15:16:12 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 15:25:20 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 15:25:12 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "43ce3020-d6e3-45c3-95d5-9dd2602d63a2");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 30 2010 13:00:45 GMT+0200");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 17:01:33 GMT+0200");
Gefunden : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gefunden : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 25 2011 18:54:26 GMT+0200");
Gefunden : user_pref("ConduitEngine.FirstServerDate", "01/15/2011 00");
Gefunden : user_pref("ConduitEngine.FirstTime", true);
Gefunden : user_pref("ConduitEngine.FirstTimeFF3", true);
Gefunden : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gefunden : user_pref("ConduitEngine.Initialize", true);
Gefunden : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gefunden : user_pref("ConduitEngine.InstalledDate", "Fri Jan 14 2011 22:18:05 GMT+0100");
Gefunden : user_pref("ConduitEngine.IsMulticommunity", false);
Gefunden : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gefunden : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gefunden : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gefunden : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Mar 25 2011 17:33:45 GMT+0100");
Gefunden : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 15:25:15 GMT+0200");
Gefunden : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gefunden : user_pref("ConduitEngine.UserID", "UN74203688261170548");
Gefunden : user_pref("ConduitEngine.componentAlertEnabled", false);
Gefunden : user_pref("ConduitEngine.engineLocale", "de");
Gefunden : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gefunden : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jun 27 2011 15:25:15 GMT+0200");
Gefunden : user_pref("ConduitEngine.initDone", true);
Gefunden : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gefunden : user_pref("ConduitEngine.usagesFlag", 2);
Gefunden : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112555&tt=130812_ffmnt_3312_8&babs[...]
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=112555&tt=130812_ffmnt_3312_8");
Gefunden : user_pref("extensions.BabylonToolbar.babext", "babExt");
Gefunden : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Gefunden : user_pref("extensions.BabylonToolbar.bbdpng", 18);
Gefunden : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Gefunden : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.firstrun", false);
Gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "A3757A972873B48D9AB3EF4CCBD11B62");
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false);
Gefunden : user_pref("extensions.BabylonToolbar.hrdid", "cedae390000000000000000777640932");
Gefunden : user_pref("extensions.BabylonToolbar.id", "cedae390000000000000000777640932");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15567");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.instlday", "15567");
Gefunden : user_pref("extensions.BabylonToolbar.instlref", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.isdcmntcmplt", false);
Gefunden : user_pref("extensions.BabylonToolbar.keywordurl", "");
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.623:39:27");
Gefunden : user_pref("extensions.BabylonToolbar.lastdp", 18);
Gefunden : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar.newtab", "false");
Gefunden : user_pref("extensions.BabylonToolbar.newtaburl", "");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Gefunden : user_pref("extensions.BabylonToolbar.sg", "none");
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar.smplgrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.srcext", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.srch", "");
Gefunden : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrid", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.623:39:27");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.4.623:39:27");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=130812_ffmnt_3312_8");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.623:39:27");

*************************

AdwCleaner[R1].txt - [25683 octets] - [05/09/2012 09:30:56]

BEIM SCHLIEßEN DES ADWCleaners FRAGT DIESER OB ER LÖSCHEN SOLL?
Soll ich oder soll ich nicht?

t'john 05.09.2012 14:04
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

DIGE 05.09.2012 15:51
Hier ist Schritt 4!

# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:46:13 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Egid - EGID-PC0509
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Egid\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gelöscht : C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Program Files\Application Updater
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\DVDVideoSoft
Ordner Gelöscht : C:\Program Files\facemoods.com
Ordner Gelöscht : C:\Program Files\Free Offers from Freeze.com
Ordner Gelöscht : C:\Program Files\pdfforge Toolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gelöscht : C:\Users\Egid\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Egid\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Egid\AppData\Roaming\DVDVideoSoft
Ordner Gelöscht : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\Conduit
Ordner Gelöscht : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\ConduitEngine
Ordner Gelöscht : C:\Users\Egid\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Egid\Documents\DVDVideoSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{50A52C9C-B35C-4BC6-980A-C35984BF4F9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoft
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DF42123-1872-406B-8F41-68E5CFCECD34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC6FE59-9BFA-47BF-BE20-49C244E6A13F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FED865DF-B8BB-4741-BF86-2621E9E20644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50A52C9C-B35C-4BC6-980A-C35984BF4F9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\prefs.js

C:\Users\Egid\AppData\Roaming\Mozilla\Firefox\Profiles\vmwcru4g.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "31-7-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jul 31 2010 10:11:29 GMT+0200");
Gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Wed Jul 28 2010 07:18:29 GMT+02[...]
Gelöscht : user_pref("CT2269050.FirstServerDate", "21-2-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstalledDate", "Sun Feb 21 2010 18:16:43 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jul 30 2010 13:00:53 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.6.0", "Tue Mar 16 2010 07:37:48 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Sat Jul 31 2010 10:06:31 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 30 2010 13:00:45 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473390");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT2269050_RECENT12473390");
Gelöscht : user_pref("CT2269050.RadioShrinked", "expanded");
Gelöscht : user_pref("CT2269050.RadioStationName", "1.FM%20-%20Blues");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://blues.1.fm/energyblues128k");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jul 30 2010 13:00:44 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jul 31 2010 10:06:29 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1280150171");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Jul 28 2010 07:18:28 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1268576297");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN04851431070117773");
Gelöscht : user_pref("CT2269050.ValidationData_Search", 0);
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Jul 31 2010 10:14:45 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "434C4F5345");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://widgets.tictacti.com/Shared/Apps/GameArcade/G[...]
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 06 2011 15:16:12 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 15:25:20 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 15:25:12 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "43ce3020-d6e3-45c3-95d5-9dd2602d63a2");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 30 2010 13:00:45 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 17:01:33 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jun 25 2011 18:54:26 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "01/15/2011 00");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Fri Jan 14 2011 22:18:05 GMT+0100");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Mar 25 2011 17:33:45 GMT+0100");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 27 2011 15:25:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN74203688261170548");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jun 27 2011 15:25:14 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jun 27 2011 15:25:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112555&tt=130812_ffmnt_3312_8&babs[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112555&tt=130812_ffmnt_3312_8");
Gelöscht : user_pref("extensions.BabylonToolbar.babext", "babExt");
Gelöscht : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Gelöscht : user_pref("extensions.BabylonToolbar.bbdpng", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.firstrun", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "A3757A972873B48D9AB3EF4CCBD11B62");
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hrdid", "cedae390000000000000000777640932");
Gelöscht : user_pref("extensions.BabylonToolbar.id", "cedae390000000000000000777640932");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15567");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.instlday", "15567");
Gelöscht : user_pref("extensions.BabylonToolbar.instlref", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.isdcmntcmplt", false);
Gelöscht : user_pref("extensions.BabylonToolbar.keywordurl", "");
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.4.623:39:27");
Gelöscht : user_pref("extensions.BabylonToolbar.lastdp", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.newtab", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.newtaburl", "");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplgrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.srcext", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.srch", "");
Gelöscht : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrid", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.4.623:39:27");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.4.623:39:27");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=130812_ffmnt_3312_8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.623:39:27");

*************************

AdwCleaner[R1].txt - [25814 octets] - [05/09/2012 09:30:56]
AdwCleaner[R2].txt - [25875 octets] - [05/09/2012 09:35:14]
AdwCleaner[S1].txt - [25989 octets] - [05/09/2012 16:46:13]

########## EOF - C:\AdwCleaner[S1].txt - [26050 octets] ##########


Hoffe ALLES RICHTIG GEMACHT zu haben... ;-)
lg
DIGE

Ist die Sache jetzt erledigt?

t'john 06.09.2012 02:20
Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst.
Poste das Logfile bitte.

DIGE 06.09.2012 08:27
Beim Installationsversuch der EMI-Antimal-Software behauptet diese, das Programm sei auf meinem PC schon einmal getestet worden...
Wüsste aber nicht, dass dies so ist...

Muss ich das Programm jetzt kaufen oder gibt es eine Alternative?

Wenn ja, muss ich das ganze Paket für 50 Euro oder nur das Teilpaket für 12 Euro kaufen?

lg
DIGE

Beim Installationsversuch der EMI-Antimal-Software behauptet diese, das Programm sei auf meinem PC schon einmal getestet worden...
Wüsste aber nicht, dass dies so ist...

Muss ich das Programm jetzt kaufen oder gibt es eine Alternative?

Wenn ja, muss ich das ganze Paket für 50 Euro oder nur das Teilpaket für 12 Euro kaufen?

lg
DIGE

t'john 06.09.2012 18:24
Nix kaufen!

Siehe Anleitung fuer kostenlosen Scan!

DIGE 07.09.2012 07:24
Hier der Bericht

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 06.09.2012 23:40:30

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, K:\, N:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 06.09.2012 23:52:02

C:\_OTL\MovedFiles\09042012_222643\C_Program Files\pdfforge Toolbar\SearchSettings.dll gefunden: Adware.Win32.Toolbar.Dealio!E1
C:\_OTL\MovedFiles\09042012_222643\C_Program Files\Application Updater\ApplicationUpdater.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\_OTL\MovedFiles\09042012_222643\C_Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-1ac3a521 gefunden: Exploit.Java.CVE!E1
C:\Windows\Installer\$PatchCache$\Managed\3D7B197543B881247905A6E8540DDA23\1.1.2\applicationupdater.exe.2AEA64FA_898D_4F2B_A6D4_6ACAB09B67CA gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Users\Egid\Downloads\PDFCreator-1_2_3_setup.exe gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Users\Egid\Desktop\Tools\ipscan.exe gefunden: Riskware.NetTool.Win32.Delf.f!E1

Gescannt 660601
Gefunden 6

Scan Ende: 07.09.2012 08:24:56
Scan Zeit: 8:32:54

C:\Users\Egid\Desktop\Tools\ipscan.exe Quarantäne Riskware.NetTool.Win32.Delf.f!E1
C:\Users\Egid\Downloads\PDFCreator-1_2_3_setup.exe Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\_OTL\MovedFiles\09042012_222643\C_Users\Egid\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\583588cc-1ac3a521 Quarantäne Exploit.Java.CVE!E1
C:\_OTL\MovedFiles\09042012_222643\C_Program Files\Application Updater\ApplicationUpdater.exe Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Windows\Installer\$PatchCache$\Managed\3D7B197543B881247905A6E8540DDA23\1.1.2\applicationupdater.exe.2AEA64FA_898D_4F2B_A6D4_6ACAB09B67CA Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\_OTL\MovedFiles\09042012_222643\C_Program Files\pdfforge Toolbar\SearchSettings.dll Quarantäne Adware.Win32.Toolbar.Dealio!E1

Quarantäne 6

t'john 07.09.2012 15:24
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

DIGE 07.09.2012 22:07
HIer der ESET-Logfile:


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5727d7fd2675ed46959e90dd52c3c51f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-07 08:03:33
# local_time=2012-09-07 10:03:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 28150476 28150476 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776638 100 100 58177579 184565858 0 0
# compatibility_mode=8192 67108863 100 0 755 755 0 0
# scanned=931280
# found=3
# cleaned=3
# scan_time=15082
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Egid\Downloads\DownloadAcceleratorSetup.exe a variant of Win32/InstallCore.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\09042012_222643\C_Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

t'john 08.09.2012 18:54
Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck


Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

DIGE 09.09.2012 11:17
Das Ergebnis des PluginChecks

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java (1,7,0,7) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.


Soll ich jetzt Java deaktivieren?
Wann soll ich es Wieder deaktivieren?
Auf meinem PC läuft noch 9 Tage die Testversion von" Malewarebytes" - DEINSTALLIEREN oder KAUFEN?

PluginCheck bei deaktiviertem Java

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 10,1,4,38 ist aktuell.

t'john 09.09.2012 23:42
Zitat:
Auf meinem PC läuft noch 9 Tage die Testversion von" Malewarebytes" - DEINSTALLIEREN oder KAUFEN?
Deinstallieren, kostenlose Version installieren.

DIGE 10.09.2012 07:51
Frage 1:
Kann ich jetzt davon asgehen, dass ich den GVU-Trojaner los bin?

Frage 2
Soll Java deaktiviert bleiben?

cu
DIGE

t'john 10.09.2012 20:56
ja und ja ;)

Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

DIGE 11.09.2012 18:07
Ganz vielen Dank für dein große Hllfe (und Geduld :-)

DIGE

t'john 12.09.2012 08:18
:)

wuensche eine virenfreie Zeit :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55