GVU-Trojaner mit Webcam hat System blockiert, Vista 32bit

Antigone1978 · 27.07.2012, 21:38

Hallo,

vor ca. 2 Wochen habe ich mir einen Trojaner eingefangen. Es ging eine Seite auf, die angeblich von der GVU ist und eine Strafandrohung machte. Gleichzeitig ging meine Webcam an. Welche Version es war, weiß ich leider nicht mehr, da ich beim ersten Schreck nicht darauf geachtet hatte. Den Computer war erstmal blockiert.

Deshlab hatte ich einen vollständigen Scan mit der Malwarebytes Anti-Malware - Software gemacht, bei dem 1 Trojaner (Trojan.ZbotR.Gen, einmal als File, einmal Registry Value) und 2 Adware-Dateien (Adware.GamePlayLabs und Adware.Agent) und 1 Exploit-Datei (Exploit.Drop.2) gefunden und in Quarantäne verschoben wurden.

Danach blockierte der GVU-Trojaner aber weiterhin meinen Computer. Deshalb führte ich den Scan mit der aktualisierten Version der o.g. Software erneut durch und es wurde ein weiterer Trojaner (Trojan.Ransom.Gen) gefunden.

Nun wird mein PC zwar nicht mehr wie vorher blockiert, aber vielleicht befinden sich noch schädliche Dateien in meinem System. Was sollte ich jetzt als nächstes tun? Eine Systemwiederherstellung möchte ich ungern machen, da ich wahrscheinlich keinen Wiederherstellungspunkt habe.

Die gespeicherten Log-Dateien über die Scans habe ich als Anlagen angehängt. Falls ihr noch andere Angaben braucht, einfach Bescheid geben.

Ich hoff, ihr könnt mir weiterhelfen und schon mal vielen Dank im Voraus.

VG Nadine

t'john · 28.07.2012, 14:38

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Antigone1978 · 29.07.2012, 08:22

Konnte meinen Eintrag nicht löschen, deshalb diese Nachricht hier, weil man scheinbar irgendwas eingeben muss. Ich bin noch beim Scan und poste heute noch die Logdateien.

Antigone1978 · 29.07.2012, 10:54

Hallo t'john,

vielen Dank erstmal für deine Antwort.

Nachstehend eine Logdatei vom OTL-Scan,die ich nicht anhängen konnte, die anderen sind im Anhang.

VG Nadine

OTL-Logdatei:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.07.2012 11:30:38 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,51% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 68,08 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 106,63 Gb Free Space | 93,64% Space Free | Partition Type: NTFS
 
Computer Name: NADINE-NOTEBOOK | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2664316595-2851453375-3809740440-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F136D-AF5D-4670-AB51-2856D8FAC5BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{143430D7-20D2-4E1D-A128-35E6B1314255}" = lport=445 | protocol=6 | dir=in | app=system | 
"{322BFE7D-9310-4A7D-B561-77CE177E80A7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{39114E5C-89B4-4C59-9570-547317E8D57C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{395901C5-638D-4A73-A16F-0D3726DB99D0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3D23F18E-ED30-4610-B748-D6238EEF8BC6}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{44D01DDA-4E71-45B3-B774-B53DA5DB114D}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{4B4BBF25-4F48-4093-B50D-2C554EDD9619}" = lport=10102 | protocol=6 | dir=in | name=tcp 10102 | 
"{4EAC3901-BCAB-41EE-9285-D8FC5339C145}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50C46B05-6964-42D0-BBA0-FA790EF3CA6F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6CDC997E-5D6D-401C-A76A-ABFCF1C0BC85}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6D295117-18A5-44EF-A1C9-F3ADF37F9EFC}" = lport=10102 | protocol=6 | dir=in | name=tcp 10102 | 
"{80A639AD-DE92-42B5-B86C-D4E92322C12B}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{8E5F4BE1-157D-4438-8838-33D8BAEE3325}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9098EED5-6998-48CD-AC1D-1736BD1F5EE4}" = lport=14676 | protocol=6 | dir=in | name=tcp 14676 | 
"{91D23B02-7B05-4E0F-8BA3-6EA34961BC04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{965272F0-A2D1-48B2-99E8-01742B32B3EF}" = lport=14676 | protocol=6 | dir=in | name=tcp 14676 | 
"{9E92A22F-DF3C-46CE-AE30-DFDE1DEAC4A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F0224F1-5074-43FC-82E3-A077CCAE2444}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ABEFC52D-00F4-461E-95E4-D531957E4BD7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C144A9E5-301C-4214-832A-4F941034D232}" = lport=10563 | protocol=17 | dir=in | name=udp 10563 | 
"{C7175026-4838-4DAB-9E83-C355CC6E4ABA}" = lport=23640 | protocol=17 | dir=in | name=udp 23640 | 
"{C90BDED2-8B6B-4E37-858F-49E4F3B674AF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D2837F66-C0DA-440A-88BC-B6B50069436E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D4B95EA9-5777-4663-8072-8ABB0F939C41}" = lport=10563 | protocol=17 | dir=in | name=udp 10563 | 
"{E7DD41EC-D880-4F85-A423-ED0E4078E78D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EA10C1A8-A2B3-4BF1-9C3A-86B830ABC51B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF033BE3-054B-45FC-AD7B-C689072B8008}" = lport=23640 | protocol=17 | dir=in | name=udp 23640 | 
"{F61572DA-1AAA-4F2C-A4BB-2B663174A995}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FCE143B1-4675-4564-81DD-E5083B308B4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0017F552-C087-4E02-8AC7-F950418585D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{026AE5BA-9325-4ED0-A0B0-DD97C939F908}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{02D7A406-C216-413E-9DA4-71DFD1FE3A24}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{055FC244-CE12-414A-A1C4-ED4C8209FD58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06104651-5C1E-44E6-BA6C-64C26ABB3ED0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0685F2E0-6BD0-4EB7-B295-213B97C7E128}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08DD4B61-DD30-4CC6-B579-CD08AA62A1D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A5A9409-27BA-4799-986E-39B4B29C6E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0CF50B4D-8BAE-43C7-9518-05B11A409C97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FAE0E06-CA87-48E4-8073-BEF19FE30FBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{128C685E-F0D1-4EC3-8FD5-B4C54BF75DBD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1297C819-76A2-4083-BD16-AE7C2B6C65E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{142A1012-C834-4A31-A0F9-4D7953EAA063}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1695F244-EA7D-4C22-A40F-B5D5CE29096D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16B0A0EC-1FD3-46F3-BA0C-053D26E38485}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17799315-1531-48F9-A2C8-66FD8BB9B483}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19602E5B-DDF8-40D3-B972-8D7944F1D71A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A2FDF67-D40D-448C-84DC-E5191E1D08E9}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{1AAAAB61-1068-4483-833C-DAE34F03B766}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1CE33933-A12F-4C56-A4A0-B05205169CC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DABE878-31A7-4DAA-A6DE-6D30B992890B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2027044E-238C-47BC-9BD0-1D4833D627C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{217B14F9-8419-48A7-8CEF-0AEB5C809AC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21E4A42A-265B-41D5-9489-B162DDF8D7D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23795223-D991-4581-95AB-92054BB46DED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24663BE8-EB12-41A0-85EE-D4577BF7FD50}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24F0C0A4-E564-4047-8543-F5381DD4F0AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25252708-89C9-4287-A181-91EAC9DEACC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25325B96-EBD5-4C53-B7EE-4A0B93EDD154}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{282F3152-EEFE-4A60-A82B-37186834E889}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E3E0BDE-FC92-4EF2-8DEA-61B5F2CDE139}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F7538C2-7656-44CE-83FF-378F0C9E83DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FAE0D9D-B36A-4563-A6BF-03A88E0C3890}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2FEB0892-5206-4D9A-8D55-B49C59F4E883}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3157E28D-6201-4859-8186-207D93422609}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{33552C1E-5B4A-4D1C-BDAA-EF15EB6BEF69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{359B4D80-4DCD-4F5E-A836-4275A96C67E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3679053B-C575-42C2-A4A8-F36388389C3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36A47058-0594-46C6-91EB-733034C8E3DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36DB811F-E609-43BE-BF19-875E5BEEB628}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37DAE5B9-6461-4404-A10C-F5FC755B5DFC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{38609A66-2FDE-41B5-9ECB-30246253A6BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C990924-C524-4D40-979D-16C0646A79D4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E2C2E58-619E-441C-A3B6-E8FD49A565AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EFD15A8-5967-4D7D-960C-0D30420DC75B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{405C480E-5E26-4ACC-AD82-5C82EA4A4735}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{417882D1-F8C5-4BBC-A9B7-91A79D922E8A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{42515461-36FB-4ADA-9729-0F013EE328D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{427AB6A5-18F0-499A-A454-5048D2E61FE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{487364E2-36B7-4063-87CF-0DF7AE25EC32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48C4E43E-01AA-48AD-9484-5120D8565987}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A031CA5-0878-48D9-A668-30812C7986AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A9AF296-D41F-4792-8FE1-65FADBA9F66B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C4B3A76-DC8E-4932-A55C-A043F4FD7430}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4CB49B85-E7FF-4E48-A60E-F7102ED26F31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4EAA840E-456E-4C3D-9B93-9337016A4001}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{537EF966-A35E-410E-98DB-9B4EDC2646C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{541ADD1A-9BC1-4F6C-9818-8367F1BD7C14}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5522D651-86A1-4861-AC9E-4FDABAB738ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5567ED1A-5540-4642-B535-68C0A36E21DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55E90547-E2A9-43FF-ACD7-827F00964059}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5757545D-44C4-4A00-80D7-9341D5297731}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57D7D828-14D8-4754-BBAF-82360510D5A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C8ED7C7-8C3E-45AC-8F98-E206ACD1E50F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{5DDA6FC5-E682-4ABD-A9C0-AC9EA1AD187A}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{5FBEE20A-4B5D-425A-AD4C-9E102CC3988F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6021BD71-49B2-4D51-BE2C-C706690DE679}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{6132F7C6-CB13-4091-A7D9-0B98EC2CB6D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6207F7F5-C8A4-48EE-A566-80F9FE46878E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62154C5D-C3F2-4241-B465-76BB5DC64FE4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6280F297-2204-4DEE-9351-A323C89848F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65ADBFDA-A067-401D-904A-D762AEB6DAB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67C8F788-CC71-45EF-B97D-6596610B797E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67EA968E-43C8-4B60-9C04-A6E48711E925}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68160643-8165-4E12-87EC-1BCB1D688F56}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70619BBD-0D7C-4D34-AB78-E40C1B25B694}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{713B2697-EB19-4F9F-8AF4-739450D1BA6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75D7E30D-EC06-43EC-96CA-EFCB03983B3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{767C313A-4476-4642-8F17-CDCD0AEDD94F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{769D40CE-7D9F-4FA0-80BC-ECC326B43B5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79D0D477-5CAF-461B-A4D4-4FE8D3F0A9CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A505717-24B3-4216-A709-FA0A03F24008}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B41379D-5630-443B-96EF-90C6060CEBF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C510DC3-74B9-48DA-A9E5-C1BE582AD0EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D04C773-9BC1-4D38-AE9C-12AACE96AF0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7EADA5DC-DAF7-4ADA-B9A5-3D2839305710}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FBBA4E7-A3B5-4361-ACAA-67C9282C0AB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{833B30E1-6C94-4E0B-B846-DEF9EB44AF18}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8541EF96-CA3E-41A2-952A-CDF67D789373}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{862AD829-C78C-4C22-8ED6-7DF1385E810D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8699F798-0B6A-4D58-9D99-DFA3BBC538F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{876015B4-6BD7-4764-8339-5E57D8ED0A38}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F0A7116-6EF0-4E7F-82AB-6C9DF5B9FB6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F2A9041-C47A-4CC0-A304-2964BF833A26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9261E73F-253C-4DBB-BB59-BEE21C479D3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{926B4364-B06B-41D7-9CD4-92B482C1AE27}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{957AEF96-CA8F-43EB-977C-2F4F0F36879F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9681EAD6-35D4-41A9-8F4A-67EF5FD9851F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{973B5840-DD0D-4FCA-A2F2-E231885D70DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{974F14AF-E3AA-45CC-839A-D9953E107AA5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{9770A3BC-4F0A-42E6-A2FD-C9EB1B040198}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99B31811-854E-4E53-922E-7347EC6AAC57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A5F97DC-6C65-48AA-BA5D-4000AB617749}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BAEF11C-EB75-4A43-9937-6AC83C9AEC8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C8213DB-AD8E-49D1-B293-F1F648E3A137}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CEA46FF-D05F-419F-B9A7-318915999E36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9EF0B857-87EA-4379-B620-49D9D4ABC2BC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{A064B0F2-58E3-4FC6-A768-0B6C36773528}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A57DC812-8F0D-4A4A-AB5F-06BA55B9CCF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A84DC564-4558-42BC-8B87-71DFE0E820C3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A9FFF10C-9805-4349-82D7-A675129EEA8B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{AA988E5A-1962-49A4-9A6A-B4CDFFE0B05A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ACBA80DC-AFF0-4B75-A363-17332C7A8F7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD819095-2B7C-44B0-91BB-27E54DD1A413}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFB332F6-0A22-4983-B968-9F1031384794}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFB53495-6F67-4FFF-822F-E63F077940DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B06BD4B9-BEF2-4D5A-95A4-0917D2C393F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B243A046-1FCE-444D-B654-201B0B2CE357}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B38096BC-979D-4CF6-BB98-8A252312F905}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3BC54EE-D981-4B0F-B44E-9FD074164859}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3BDCC29-5996-4BEB-BD2C-122531051369}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B3D91DB7-0757-4096-89C0-D9AAAC69AD53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B56F0034-9FEB-4149-9A52-71FA2808E9EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B64006E1-E603-4FDA-BCA6-2548DA1B5DDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7563E7F-CB14-4BA0-AEBE-ECB7664E097F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B8250C9A-85C7-48A9-9511-926D9F44EDCA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BA72315D-2111-4524-8535-CA32ED44BFAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB7DF12D-D5AB-4673-851C-303D3A1B312D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{BBDE8DAE-4B6F-4D9E-B868-4A0E096AE4B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC054C44-84DA-48B3-9AD1-D96C5637182F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BCA2AD74-DC2F-468D-8812-D7622B3EEFFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEAD464F-145A-4996-AF0D-77EE51D7457E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFF72897-E97B-4B48-9308-2B711728CD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1E5B826-90BC-4EB8-B606-B8763DAE55B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C311FD9A-3C4C-436A-92D0-7A78CC147A29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C54E27F8-ECE6-42A4-9F46-97076B9E70EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C645A1A7-E1B2-4005-B85C-9B43252CF6F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C75F2AD5-AB8F-4CE7-8685-CA31CE58090B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C89750B0-D3C9-42A7-AD08-45666F9D92C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB8932B4-5E34-47FE-90BA-A5367A326861}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD32E6EA-D280-47BD-9C44-DF36EDED61D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE1D8C8A-FCA8-4346-BF6D-37B724EB2683}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE25FB77-D7DA-44DD-8382-6CFD3023B0D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D045F529-760B-4E35-9A03-802EB8BA1594}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D16567E7-8FF4-47F8-967F-9F2EF4CA4850}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D377F07F-907C-4425-BC8B-F4870D93C357}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D43C8179-7E45-4957-BA66-ADAAB3DCA384}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5F3B451-774A-4F5E-80AF-17A8541EB2E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6A6FF9E-0E7E-4958-8AD1-2FB00760DA5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6C228C0-6A88-425D-ADFE-3A7A6C78CD13}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D74B1E61-F84B-4642-8C64-FA6EC93B5F4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D86745E9-96E7-449A-95E0-8C657F5A9891}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D91A7922-74CE-45DB-B79E-50146A112240}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DBD537A3-CC62-485A-BB4F-323C4876611C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCF6979A-E440-4776-9BBE-E411F2DF3881}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF3BFC54-C821-441A-B4ED-28F63DF6F5B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF741047-6020-4371-94CF-DECD71BE1E5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E43685AB-3957-4791-8029-29CDF01D21E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E564BD2A-8D98-49CE-86A7-D0DAE7D0D4D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E75A9A8E-C0F0-4D67-A25D-D63428CE7E05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E93780A0-663E-435C-A6E7-DF007A66C017}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA080D6D-9574-415F-B672-C5080DE2376E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{ED14F6D9-2B42-4E03-9AF0-30A40CC87BB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F25EB377-2A4A-4454-A6E8-31C193310D73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4F0BABD-E65A-41B3-9F89-498B06F12A43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F54FCCEA-21E7-4104-8F99-726F5D9DDB30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F5B21328-A277-4922-B01D-EF93AC84365E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FA9852F3-454D-4187-80B4-6EAB9F21CE86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FAA38BD9-CE62-42FD-8736-CB9988ECABF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB7C48FC-B811-4D7A-BECA-26D69D732DDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FB9BD079-90A9-43FA-B14C-3509A1408F54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBA439AF-D3A6-4723-9458-71CF8C920334}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC8E77BA-316A-4121-BAFF-C214E4B05A63}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0204CE5F-9937-42AF-BF9C-7B7F09EA2C41}C:\users\nadine\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nadine\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{1869FC1F-F41D-4CD4-A14B-93AC9D0C9A99}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{248449A3-48C2-4514-AAD3-49B94F19918B}C:\users\nadine\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nadine\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{B7534D86-A66C-4CC4-8F05-D6B3C7D3D352}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"TCP Query User{CF5ED155-A38E-4122-9C04-D139B78082F3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0AC688BA-B1BA-48CB-B8E3-C4A2364A3596}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{152B083D-88C0-40A1-B64F-72943B39496E}C:\users\nadine\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nadine\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{A6A78750-E40D-40BD-B125-DBCE542B7A9A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D3A87BCF-0AA2-48D1-A0B9-DACFF2AD9AD5}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe | 
"UDP Query User{E5A217A8-02B0-4A54-8413-1783BC3AA720}C:\users\nadine\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nadine\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33C8C01E-4787-482B-9D2C-AB8221FCC01D}" = IObit Toolbar v6.0
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{653FCB75-D988-BD9C-B3D4-88676C4F1008}" = Babbel Refresh
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{835525BE-63BD-4EC4-9425-00CEAD4849C2}" = Widestream6
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}" = HDMI Control Manager
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.027
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bibliographix 7_is1" = Bibliographix 7
"Bibliographix 8_is1" = Bibliographix 8
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.babbel.babbelrefresh.3741A3FCE1D3EB805F84223A94DE5A5CFDAA610D.1" = Babbel Refresh
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"facemoods" = Facemoods Toolbar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.8.412
"Game Booster_is1" = Game Booster 3
"Google Desktop" = Google Desktop
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LastFM_is1" = Last.fm 1.5.4.27091
"licht am ende des sargs" = licht am ende des sargs  Screen Saver
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Müller Foto" = Müller Foto
"myphotobook" = myphotobook 3.5
"Neffy" = Neffy 1,3,29,0
"pdfsam" = pdfsam
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.5
"PI15040_HPR_AuR" = Zeugnisse und Referenzschreiben
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Smart Defrag 2_is1" = Smart Defrag 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"toolplugin" = toolplugin
"Update Engine" = Sony Ericsson Update Engine
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2011 06:53:59 | Computer Name = Nadine-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2011 11:22:59 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.04.2011 11:22:59 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.04.2011 11:24:07 | Computer Name = Nadine-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2011 14:17:52 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.05.2011 14:17:52 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.05.2011 14:18:58 | Computer Name = Nadine-Notebook | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2011 02:40:23 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.05.2011 02:40:23 | Computer Name = Nadine-Notebook | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.05.2011 02:41:27 | Computer Name = Nadine-Notebook | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 16.03.2010 17:18:13 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 28.07.2010 04:31:58 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 30.07.2010 15:35:10 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 30.07.2010 15:54:45 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 09.11.2010 13:28:08 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 19.11.2010 05:34:03 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 19.11.2010 05:34:24 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.11.2010 06:30:51 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.05.2011 03:30:14 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
Error - 11.03.2012 08:54:54 | Computer Name = Nadine-Notebook | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete 
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
 returned 10000109  Prozess: DefaultDomain Objektname: Media Center Guide 
 
[ OSession Events ]
Error - 08.02.2009 07:11:19 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.02.2009 07:21:46 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2009 14:50:34 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.02.2009 17:30:22 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1457
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2009 12:44:25 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2334
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 11.10.2009 09:56:12 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.03.2010 12:48:11 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4099
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 09.06.2010 07:40:31 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10897
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2012 04:00:36 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3973
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 02.04.2012 04:11:44 | Computer Name = Nadine-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 660
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.07.2012 03:10:59 | Computer Name = Nadine-Notebook | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 28.07.2012 03:12:40 | Computer Name = Nadine-Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.07.2012 03:12:40 | Computer Name = Nadine-Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.07.2012 03:32:16 | Computer Name = Nadine-Notebook | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "\\?...138-11dd-98be-806e6f6e6963}" 
wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher
 abgebrochen.
 
Error - 28.07.2012 03:32:22 | Computer Name = Nadine-Notebook | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 28.07.2012 03:32:25 | Computer Name = Nadine-Notebook | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "E:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 29.07.2012 02:48:52 | Computer Name = Nadine-Notebook | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.07.2012 02:49:02 | Computer Name = Nadine-Notebook | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.07.2012 02:50:48 | Computer Name = Nadine-Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.07.2012 02:50:48 | Computer Name = Nadine-Notebook | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

t'john · 29.07.2012, 12:10

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
 
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () 
DRV - (XDva369) -- C:\Windows\system32\XDva369.sys File not found 
DRV - (Tosrfcom) -- File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0} 
IE - HKLM\..\SearchScopes\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; 
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {3124709E-EC84-469B-AB42-5DE298ADE240} 
IE - HKCU\..\SearchScopes\{3124709E-EC84-469B-AB42-5DE298ADE240}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} 
IE - HKCU\..\SearchScopes\{47F5713E-0EBE-4971-A854-96687E310C63}: "URL" = http://www.dict.cc/?s={searchTerms} 
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=FRgNOMb0jMRvB8lwr5qKEbntg-o?q={searchTerms} 
IE - HKCU\..\SearchScopes\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; 
FF - prefs.js..browser.search.defaultenginename: "Search the web" 
FF - prefs.js..browser.search.order.1: "Search the web" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Search the web" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.google.de/" 
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found 

[2011.12.02 21:23:10 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\6ogd6bqp.default\extensions\ffxtlbr@Facemoods.com 

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll (Spigot, Inc.) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) 
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) 
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Nadine\AppData\Roaming\toolplugin\toolbar.dll File not found 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) 
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found 
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Nadine\AppData\Local\Akamai\netsession_win.exe" File not found 
O4 - HKCU..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found 
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\Shell - "" = AutoRun 
O33 - MountPoints2\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\Shell\AutoRun\command - "" = D:\Startme.exe 
O33 - MountPoints2\{7123647c-f750-11dd-98eb-001f3ba8f0f9}\Shell\AutoRun\command - "" = D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe 


[2012.07.12 07:00:26 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 

[2012.07.05 20:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater 
[2012.07.05 20:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot 
[2012.07.05 20:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar 

[2012.07.29 08:53:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM 
 

[2012.07.29 11:05:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002UA.job 
[2012.07.29 11:01:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.27 23:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002Core.job 

:Files
C:\Users\Garfield\AppData\Local\Temp\
C:\Users\Nadine\AppData\Local\Temp\
C:\Users\Nadine\AppData\Roaming\Goko\
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Antigone1978 · 29.07.2012, 13:31

Nachstehend die besagte Logdatei.

Wusste nicht genau, ob das mit "Code Tag" gemeint war.

Ist mein PC jetzt wieder vollkommen sauber oder muss ich noch irgendetwas unternehmen?

VG
Nadine

All processes killed
========== OTL ==========
Service IJPLMSVC stopped successfully!
Service IJPLMSVC deleted successfully!
C:\Programme\Canon\IJPLM\ijplmsvc.exe moved successfully.
Service XDva369 stopped successfully!
Service XDva369 deleted successfully!
File C:\Windows\system32\XDva369.sys File not found not found.
Service Tosrfcom stopped successfully!
Service Tosrfcom deleted successfully!
File File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3124709E-EC84-469B-AB42-5DE298ADE240}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3124709E-EC84-469B-AB42-5DE298ADE240}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47F5713E-0EBE-4971-A854-96687E310C63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47F5713E-0EBE-4971-A854-96687E310C63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8729EACD-BD3E-4769-B5E5-CE2ED74F6EC0}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=382950&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\6ogd6bqp.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\6ogd6bqp.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\6ogd6bqp.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\6ogd6bqp.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
File C:\Programme\IObit Toolbar\IE\6.0\iobitToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Companion deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6af4e8d4-c242-11e0-80bb-001f3ba8f0f9}\ not found.
File D:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7123647c-f750-11dd-98eb-001f3ba8f0f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7123647c-f750-11dd-98eb-001f3ba8f0f9}\ not found.
File D:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe not found.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\IObit Toolbar\Res\Lang folder moved successfully.
C:\Program Files\IObit Toolbar\Res folder moved successfully.
C:\Program Files\IObit Toolbar\IE\6.0 folder moved successfully.
C:\Program Files\IObit Toolbar\IE folder moved successfully.
C:\Program Files\IObit Toolbar\FF\chrome folder moved successfully.
C:\Program Files\IObit Toolbar\FF folder moved successfully.
C:\Program Files\IObit Toolbar folder moved successfully.
Folder C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\ not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002UA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2664316595-2851453375-3809740440-1002Core.job moved successfully.
========== FILES ==========
C:\Users\Garfield\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir9520 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir9513 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir7572 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir6710 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir5682 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir5667 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir32529 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir25768 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir15892 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir1409 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir1402 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir1396 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\scoped_dir12631 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\is357113909 folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\hsperfdata_Garfield folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\e4jB97F.tmp_dir folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\divDCF5.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\divD7D7.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\divD539.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\divA5DF.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\divA505.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\div2174.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\div208A.tmp folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\DDMCache folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Garfield\AppData\Local\Temp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\xmr.6012 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\xmr.5700 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\xmr.4332 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\WZSE1.TMP\16.14 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\WZSE1.TMP folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\WZSE0.TMP folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Word8.0 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Setup\Files folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Setup\Drivers folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Setup\Applications folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Setup folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ZHH folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\TRK folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\THA folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\SVE folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\RUS folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\PTG folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\PLK folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\NOR folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\NLD folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\KOR folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\JPN folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ITA folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\HUN folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\HEB folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\FRC folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\FRA folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\FIN folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ESP folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ESM folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ENU folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ENG folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ELL folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\DEU folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\DAN folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\CSY folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\CHT folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\CHS folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages\ARB folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Languages folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VCB folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\VBE folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\TCDC2FA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\TCD937D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\TCD543B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{E835B76A-F006-429D-A9FE-76D7E5FF2268}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{E835B76A-F006-429D-A9FE-76D7E5FF2268} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{CD7587C5-4C01-4A60-B237-C2A36BE1C08C}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{CD7587C5-4C01-4A60-B237-C2A36BE1C08C} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{AB721AEB-D18E-4038-86AB-15DA8DF362E0}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{AB721AEB-D18E-4038-86AB-15DA8DF362E0} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{37AA65A5-2530-4218-B3A4-2308F6ED34FC}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{37AA65A5-2530-4218-B3A4-2308F6ED34FC} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{3124D88B-D984-410D-B211-FAFAD93F03DF}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{3124D88B-D984-410D-B211-FAFAD93F03DF} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{028A6B8A-ABD2-420C-B622-9A5C8552BBEC}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins\{028A6B8A-ABD2-420C-B622-9A5C8552BBEC} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\Plugins folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion\AutoUpdate folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson\Sony Ericsson PC Companion folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony Ericsson folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{AB721AEB-D18E-4038-86AB-15DA8DF362E0}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{AB721AEB-D18E-4038-86AB-15DA8DF362E0} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{37AA65A5-2530-4218-B3A4-2308F6ED34FC}\Graphics folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins\{37AA65A5-2530-4218-B3A4-2308F6ED34FC} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\Plugins folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion\AutoUpdate folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony\Sony PC Companion folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Sony folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\ppcrlui_4364_2.ui folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-9 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-8 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-7 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-6 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-5 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-4 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-3 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-26 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-25 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-24 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-23 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-22 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-21 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-20 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-2 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-19 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-18 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-17 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-16 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-15 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-14 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-13 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-12 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-11 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-10 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp-1 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\plugtmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Picasa3\Picasa filecheck folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Picasa3 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\WMF folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\QT folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\sve folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\rus folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\ptg folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\ptb folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\plk folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\nor folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\nld folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\kor folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\jpn folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\ita folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\fra folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\fin folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\esp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\deu folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\dan folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\cht folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20\chs folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup\Net20 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG\Setup folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup\MG folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3}\Setup folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{C8C6DF5B-5825-47CD-B985-40A46C71CDE3} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins\{6CFB6439-7DDC-4785-9BEC-861F027E201E} folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion\Plugins folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\PCCompanion folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\OneNoteRuntimeCache\OneNoteRuntimeCache_Files folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\OneNoteRuntimeCache folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\OIS\temp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\OIS\cacheFiles folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\OIS folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\msohtmlclip1\01 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\msohtmlclip1 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\msohtmlclip folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\moz_mapi folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\MozillaMailnews folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\mozilla-media-cache folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go\Prepared folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go\MGUpdate_2.1.392 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go\MGUpdate_2.0.317 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go\MGUpdate_1.8.121 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go\Gracenote folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Media Go folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Low folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\KB2656351_10.0.30319 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\KB2572078_10.0.30319 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\KB2539636_10.0.30319 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\KB2518870_10.0.30319 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\is233770471 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\is1373634743 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\is-6JEQO.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\hsperfdata_Nadine folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\foxtab\thumbsRCT folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\foxtab\thumbs folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\foxtab folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\FotoSchauBilder folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\F631.dir folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\DownloadMngWeb folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\DownloadMngPhone folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divFDED.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divFD70.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divFB8D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divFA26.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF8A0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF852.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF7D5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF6FC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF6FB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF6EB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF601.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF2C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF2B8.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF2A7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF23A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF19F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divF19E.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEFAB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEEE0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEEC1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEE25.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEDE6.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEDA8.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divED98.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEB09.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divEA8C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE7EE.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE790.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE6E4.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE5CB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE58D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE4F1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE4D2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE455.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE3C9.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE37B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE23.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE214.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE204.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE0BD.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE07E.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divE05F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divDCA7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divDBFC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divDBAE.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divDA38.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD96D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD96.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD95D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD91F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD873.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD7C7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD641.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD4FA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD42F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD400.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD3B2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD1EE.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD171.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD123.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD104.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divD0D5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divCF20.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divCBC6.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divCAFB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divCADC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC8CA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC8BA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC85D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC7FF.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC744.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC65A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC62B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC60C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC42A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC3BB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC37D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC1E7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC11C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC042.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divC023.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBF96.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBDC3.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBDC2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBD2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBC6B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBC2D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBBB0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBB91.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBAA7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBA49.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBA0C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divBA0B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB98E.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB95F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB885.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB79B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB6B1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB672.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB634.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB5E6.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB5B7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB588.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB4AE.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB3B4.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB385.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB337.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB2DA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB2CA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB1F0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB192.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB115.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divB0E7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divAF03.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divAE8.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divAD9C.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divACC4.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divAB7A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divAAA5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA9D5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA958.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA90A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA8FB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA7B3.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA794.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA63D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA581.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA4E5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA4D6.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA1CA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\divA093.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9E51.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9E03.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9CF.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9BF0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div991.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9896.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div952D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div9471.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div93F5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div91F2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8F53.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8E88.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8D50.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8D31.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8C96.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8B3E.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8AB1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div8A73.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div897.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div7DD.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div7DC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div7CDC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div7A4D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div7944.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div78B7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div729F.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div71F4.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div6BDC.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div698.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div688.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div6853.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div6814.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div63A2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5FBB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5E26.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5C90.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5B0A.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5936.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div58E8.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div57CF.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5733.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div56F5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div55DD.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div54D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div5169.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div4BAF.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div4A38.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div475B.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div4604.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div43B3.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div4105.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div40EA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3E28.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3DDA.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3C82.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3ABE.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3976.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3800.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3793.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3310.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div30A1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div3052.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div2BA1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div2AB7.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div2857.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1F3.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1DEB.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1A5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1A14.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div18CD.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1862.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div17C5.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div17C4.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div166.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div165D.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1573.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1312.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div10F0.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div10D2.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div10D1.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\div1045.tmp folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\DDMCache folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\BB4.dir folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Adobe Premiere Pro Preview Files\München.PRV folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Adobe Premiere Pro Preview Files folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Adobe\Acrobat\9.0 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Adobe\Acrobat folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\Adobe folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\WDRBP15E folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\KLYQK3V6 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\8UWFWLJT folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\6R1B8BRN folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\History\History.IE5 folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\History folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir\Cookies folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\acro_rd_dir folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp\3AAF.dir folder moved successfully.
C:\Users\Nadine\AppData\Local\Temp folder moved successfully.
C:\Users\Nadine\AppData\Roaming\Goko folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nadine\Desktop\cmd.bat deleted successfully.
C:\Users\Nadine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Garfield
->Temporary Internet Files folder emptied: 2087178 bytes
->Java cache emptied: 11991 bytes
->FireFox cache emptied: 68126619 bytes
->Flash cache emptied: 63785 bytes

User: Gast
->Temp folder emptied: 50566 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6480982 bytes
->Flash cache emptied: 56504 bytes

User: Nadine
->Temporary Internet Files folder emptied: 246442606 bytes
->Java cache emptied: 45049251 bytes
->FireFox cache emptied: 122913846 bytes
->Flash cache emptied: 176039 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2497729 bytes
RecycleBin emptied: 191534 bytes

Total Files Cleaned = 471,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Garfield
->Flash cache emptied: 0 bytes

User: Gast
->Flash cache emptied: 0 bytes

User: Nadine
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_135159

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 29.07.2012, 14:03

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Antigone1978 · 29.07.2012, 16:54

Der Rechner läuft etwas langsamer als sonst, beim Öffnen von Anwendungen.

Ich habe beide Scans in den Anhang gepackt.

Wie gehts jetzt weiter oder fertig? (Bitte nicht nochmal einen Scan mit Malwarebytes :-/.) :-)

t'john · 29.07.2012, 18:22

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Antigone1978 · 29.07.2012, 21:14

Anbei wieder die Logdateien.

VG Nadine

t'john · 29.07.2012, 21:15

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Antigone1978 · 29.07.2012, 23:45

Logdatei vom Scan mit Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c417d5d542c6624c9ef979c15d9df213
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 10:38:09
# local_time=2012-07-30 12:38:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 134565 119109331 42049 0
# compatibility_mode=5892 16776573 100 100 115503 181126752 0 0
# compatibility_mode=8192 67108863 100 0 160 160 0 0
# scanned=244126
# found=13
# cleaned=13
# scan_time=7464
C:\Windows\Installer\5c582.msi probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Users\Garfield\AppData\Local\Temp\is357113909\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07292012_135159\C_Users\Nadine\AppData\Local\Temp\is233770471\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Win32/Conficker.AA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

t'john · 30.07.2012, 15:22

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
:Files
G:\RECYCLER\
:Commands
[purity]
[emptytemp]
[emptyflash]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Antigone1978 · 30.07.2012, 19:16

All processes killed
========== OTL ==========
========== FILES ==========
Folder G:\RECYCLER not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Garfield
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nadine
->Temp folder emptied: 246114 bytes
->Temporary Internet Files folder emptied: 1297834 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83745057 bytes
->Flash cache emptied: 1126 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66180 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Garfield
->Flash cache emptied: 0 bytes

User: Gast
->Flash cache emptied: 0 bytes

User: Nadine
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Garfield
->Java cache emptied: 0 bytes

User: Gast

User: Nadine
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_200744

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 30.07.2012, 19:58

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

GVU-Trojaner mit Webcam hat System blockiert, Vista 32bit

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner mit Webcam hat System blockiert, Vista 32bit