fe0_zip.exe Fehlermeldung nach Hochfahren

Feli2209 · 31.07.2012, 09:50

Hallo,

folgendes Problem:

Ich hatte/habe den GVU Trojaner. Mit Kaspersky Rescue Disk 10 konnte ich mein System wieder zum laufen bekommen. Jetzt sagt mir aber mein System direkt nach dem Hochfahren dass die o. g. Datei nicht gefunden werden kann...

Habe mich ein wenig durchgegooglet(bei euren Themen fündig geworden, Problem fe0_zip.exe ?!) hab jetzt Malware runtergeladen und durchlaufen lassen. Ebenso OTL.

Wie bekomme ich mein System Sauber?

t'john · 31.07.2012, 11:59

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Feli2209 · 31.07.2012, 17:13

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.31.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Felix :: FELIX-PC [Administrator]

Schutz: Aktiviert

31.07.2012 08:54:33
mbam-log-2012-07-31 (08-54-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565592
Laufzeit: 2 Stunde(n), 43 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\Felix\Downloads\Programmdateien\SoftonicDownloader_fuer_easeus-data-recovery-wizard.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\Downloads\Programmdateien\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.07.2012 12:04:11 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,14% Memory free
4,23 Gb Paging File | 2,66 Gb Available in Paging File | 62,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,93 Gb Total Space | 322,20 Gb Free Space | 70,67% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 1418,89 Gb Free Space | 76,16% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Felix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Ocster Backup\bin\backupService-ox.exe ()
PRC - C:\Programme\Ocster Backup\bin\backupClient-ox.exe ()
PRC - c:\Programme\Ocster Backup\bin\oxHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\SANYO\XactiScreenCapture\SetClip.exe (SANYO Electric Co., Ltd.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Ocster Backup\bin\backupClient-ox.exe ()
MOD - C:\Programme\Ocster Backup\bin\deemon.dll ()
MOD - C:\Programme\Ocster Backup\bin\veem.dll ()
MOD - C:\Programme\Ocster Backup\bin\minizutil.dll ()
MOD - C:\Programme\Ocster Backup\bin\updateman.dll ()
MOD - C:\Programme\Ocster Backup\bin\featback.dll ()
MOD - C:\Programme\Ocster Backup\bin\backupCore.dll ()
MOD - C:\Programme\Ocster Backup\bin\backupClientLib.dll ()
MOD - C:\Programme\Ocster Backup\bin\scoolite.dll ()
MOD - C:\Programme\Ocster Backup\bin\netutil.dll ()
MOD - C:\Programme\Ocster Backup\bin\lzmaUtil.dll ()
MOD - c:\Programme\Ocster Backup\bin\ox.dll ()
MOD - C:\Programme\Ocster Backup\bin\twirl.dll ()
MOD - C:\Programme\Ocster Backup\bin\tomb.dll ()
MOD - c:\Programme\Ocster Backup\bin\oxHelper.exe ()
MOD - C:\Programme\Ocster Backup\bin\party.dll ()
MOD - C:\Programme\Ocster Backup\bin\lzma.dll ()
MOD - C:\Programme\Ocster Backup\bin\sqlite.dll ()
MOD - C:\Programme\Ocster Backup\bin\zlibutil.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxmsw28u_xrc_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxbase28u_xml_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxmsw28u_html_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxmsw28u_adv_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxmsw28u_core_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxbase28u_net_vc_ox.dll ()
MOD - c:\Programme\Ocster Backup\bin\wxbase28u_vc_ox.dll ()
MOD - C:\Programme\Ocster Backup\bin\zdll.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ocster_backup) -- c:\Programme\Ocster Backup\bin\backupService-ox.exe ()
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (fwlanusb4) -- C:\Windows\System32\drivers\fwlanusb4.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ViPrt) -- C:\Windows\System32\drivers\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\System32\drivers\ViBus.sys (VIA Technologies, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (xfilt) -- C:\Windows\System32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\System32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&ss=1&affID=100365&mntrId=b81f935c000000000000001bfc45943d
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKCU\..\SearchScopes\{9B8898B7-5F19-4D41-8A5F-84007F7F4E0B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{BE90BB3A-E2C8-45C6-A723-95DAB2691096}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 108.166.95.58:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Felix\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Felix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 20:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.15 07:31:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 20:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Felix\AppData\Roaming\13001.027 [2012.07.18 12:04:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 20:03:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.15 07:31:48 | 000,000,000 | ---D | M]
 
[2010.11.18 19:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2010.11.18 19:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.15 17:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions
[2010.04.27 14:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.15 17:40:00 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.07.15 17:40:00 | 000,000,000 | ---D | M] (ST Deutsch Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.07.05 15:02:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.10 22:34:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.01.16 01:55:51 | 000,001,878 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\aolsearch.xml
[2011.08.29 17:19:24 | 000,000,925 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\conduit.xml
[2012.07.02 13:50:31 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-1.xml
[2008.07.17 14:55:40 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-10.xml
[2009.07.25 12:54:39 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-11.xml
[2009.08.23 16:32:45 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-12.xml
[2009.09.30 08:18:54 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-13.xml
[2009.11.05 09:22:23 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-14.xml
[2010.01.06 16:53:02 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-15.xml
[2010.02.19 10:41:19 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-16.xml
[2010.04.22 07:52:26 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-17.xml
[2010.06.27 10:14:05 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-18.xml
[2010.07.24 08:34:31 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-19.xml
[2007.12.01 12:53:40 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-2.xml
[2010.09.17 22:16:52 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-20.xml
[2010.10.22 08:50:53 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-21.xml
[2010.11.17 15:18:57 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-22.xml
[2010.12.11 23:55:39 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-23.xml
[2011.03.05 16:07:37 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-24.xml
[2011.03.27 18:24:56 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-25.xml
[2011.03.27 18:26:40 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-26.xml
[2008.02.08 10:18:03 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-3.xml
[2008.02.08 11:50:56 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-4.xml
[2008.03.28 11:54:04 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-5.xml
[2008.04.18 08:06:25 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-6.xml
[2008.06.18 11:49:22 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-7.xml
[2008.07.02 07:02:43 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-8.xml
[2008.07.05 10:13:00 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-9.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin.xml
[2012.03.19 18:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.22 18:24:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.18 12:04:50 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\FELIX\APPDATA\ROAMING\13001.027
[2011.04.20 09:26:12 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E3OJCY8N.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.06.19 20:03:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.07 01:10:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.19 20:03:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.19 00:19:47 | 000,002,319 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.19 20:03:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:03:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:03:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:03:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:03:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll̀ File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ocster Backup] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk = C:\Users\Felix\AppData\Roaming\Microsoft\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{466C248C-6E69-4D12-8380-15A3C927AD48}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5108DFFA-589C-428F-A9C5-B553136A4C55}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Felix\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.10 03:06:04 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\Shell - "" = AutoRun
O33 - MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\Shell - "" = AutoRun
O33 - MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe
O33 - MountPoints2\{44787f46-8090-11dd-a3c8-001bfc45943d}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe
O33 - MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\Shell - "" = AutoRun
O33 - MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 12:02:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2012.07.31 08:53:21 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2012.07.31 08:53:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 08:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 08:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 08:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.24 19:42:57 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Ocster Backup
[2012.07.24 19:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ocster Backup
[2012.07.24 19:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ocster Backup
[2012.07.24 19:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ocster Backup
[2012.07.24 14:23:19 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.18 12:04:50 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\13001.027
[2012.07.18 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\UAs
[2012.07.17 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\13001.026
[2012.07.17 15:12:33 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\xmldm
[2012.07.17 15:12:32 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\kock
[2012.07.15 13:10:43 | 000,000,000 | R--D | C] -- C:\Users\Felix\Dropbox
[2012.07.15 13:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.07.15 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.15 13:08:25 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Dropbox
[2012.07.11 13:27:01 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 13:24:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 13:24:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 13:24:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 13:24:29 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 13:24:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 13:24:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 13:24:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 08:57:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.07 22:47:05 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\Bilder ausdrucken
[2012.07.07 22:42:54 | 000,000,000 | ---D | C] -- C:\Temp
[2012.07.05 15:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.05 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\TuneUp Software
[2012.07.05 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.07.05 15:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.05 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.05 15:03:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.05 15:03:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.05 15:02:26 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.05 15:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.05 15:02:14 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.05 15:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.05 15:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.05 15:00:58 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoft
[2009.07.27 09:30:09 | 010,718,608 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Felix\winamp556_full_emusic-7plus_de-de.exe
[2009.04.22 08:50:59 | 010,354,144 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Felix\winamp5552_full_emusic-7plus_de-de.exe
[2009.03.16 11:57:14 | 010,355,328 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Felix\winamp5551_full_emusic-7plus_de-de.exe
[2008.12.17 13:12:42 | 001,593,856 | ---- | C] (Microsoft Corporation) -- C:\Users\Felix\FreePDFXP3.26.EXE
[1 C:\Users\Felix\AppData\Roaming\*.tmp files -> C:\Users\Felix\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 12:10:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BEF6E46-B76E-42DF-A45C-A639D7AB3593}.job
[2012.07.31 12:02:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2012.07.31 11:58:42 | 000,002,579 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
[2012.07.31 11:58:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 11:52:34 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.07.31 11:51:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 11:51:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 11:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 11:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.31 11:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 08:53:06 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 08:38:49 | 000,328,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.30 07:12:44 | 132,864,392 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.28 09:58:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.28 09:58:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.24 19:43:06 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Ocster Backup Freeware Windows Edition.lnk
[2012.07.24 09:18:03 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad
[2012.07.20 16:18:33 | 000,000,034 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\blckdom.res
[2012.07.18 21:39:51 | 000,692,734 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 21:39:51 | 000,648,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 21:39:51 | 000,148,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 21:39:51 | 000,122,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.15 13:10:43 | 000,000,946 | ---- | M] () -- C:\Users\Felix\Desktop\Dropbox.lnk
[2012.07.15 13:09:27 | 000,000,956 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.08 19:37:23 | 000,027,648 | ---- | M] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.05 15:02:16 | 000,001,196 | ---- | M] () -- C:\Users\Felix\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.05 15:02:16 | 000,001,037 | ---- | M] () -- C:\Users\Felix\Desktop\DVDVideoSoft Free Studio.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\Felix\AppData\Roaming\*.tmp files -> C:\Users\Felix\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 08:53:06 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 19:43:06 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Ocster Backup Freeware Windows Edition.lnk
[2012.07.23 22:00:43 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
[2012.07.21 11:19:40 | 132,864,392 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.17 18:46:33 | 000,000,034 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\blckdom.res
[2012.07.15 13:10:43 | 000,000,946 | ---- | C] () -- C:\Users\Felix\Desktop\Dropbox.lnk
[2012.07.15 13:09:27 | 000,000,956 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.05 15:02:16 | 000,001,196 | ---- | C] () -- C:\Users\Felix\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.05 15:02:16 | 000,001,037 | ---- | C] () -- C:\Users\Felix\Desktop\DVDVideoSoft Free Studio.lnk
[2012.03.02 10:46:35 | 000,157,380 | ---- | C] () -- C:\Windows\hpoins27.dat
[2012.03.02 10:46:35 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2011.12.14 17:58:00 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusb4.bin
[2011.09.15 15:44:31 | 000,001,356 | ---- | C] () -- C:\Users\Felix\AppData\Local\d3d9caps.dat
[2011.09.08 19:51:58 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.08.08 15:10:58 | 000,047,052 | ---- | C] () -- C:\Users\Felix\part.mcf
[2011.08.08 15:10:40 | 000,047,432 | ---- | C] () -- C:\Users\Felix\posterjackleni.mcf
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.03.21 23:48:10 | 000,073,305 | ---- | C] () -- C:\Users\Felix\posterjack.mcf
[2011.02.15 11:20:25 | 000,027,648 | ---- | C] () -- C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.25 20:57:27 | 000,168,486 | ---- | C] () -- C:\Users\Felix\HochzeitsreiseFINAL.mcf~
[2010.04.25 20:57:27 | 000,168,486 | ---- | C] () -- C:\Users\Felix\HochzeitsreiseFINAL.mcf
[2010.04.24 16:08:16 | 000,154,294 | ---- | C] () -- C:\Users\Felix\USA2010.mcf
[2010.04.24 16:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Felix\USA2010.mcf~
[2009.07.14 02:34:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.13 14:36:51 | 005,164,528 | ---- | C] () -- C:\Users\Felix\SkypeSetupFull.exe
[2008.12.17 13:23:47 | 012,972,544 | ---- | C] () -- C:\Users\Felix\gs854w32.exe
[2008.12.17 13:14:44 | 014,672,896 | ---- | C] () -- C:\Users\Felix\gs862w64.exe
[2008.11.17 10:25:49 | 000,000,680 | RHS- | C] () -- C:\Users\Felix\ntuser.pol
[2008.10.07 16:39:54 | 000,001,074 | R--- | C] () -- C:\Users\Felix\XrxWm.ini
[2008.10.07 16:39:54 | 000,000,522 | R--- | C] () -- C:\Users\Felix\xw45cpdy.dyc
[2007.11.05 21:02:24 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.11.05 20:22:33 | 002,883,584 | -HS- | C] () -- C:\Users\Felix\NTUSER.bak

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 31.07.2012 12:04:11 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Felix\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,14% Memory free
4,23 Gb Paging File | 2,66 Gb Available in Paging File | 62,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,93 Gb Total Space | 322,20 Gb Free Space | 70,67% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 1418,89 Gb Free Space | 76,16% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\Felix\Desktop\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Users\Felix\Desktop\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0505E0A3-FB06-4973-802C-FF70271233C0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0DC2895B-AE51-499E-8453-65C64172232F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{130F701B-BF0B-41B7-BD81-8DACC413658F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15D60022-EEF5-45E7-A454-9C6A165B469B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{18D4A7F8-3C11-4CA2-930D-70637F9906E8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{19E497C0-EEE0-47D0-BC0B-4EFC04E9CCBF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{229D4A72-5E7F-454C-A127-B3D399ED5B57}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{26DEC07F-AB2E-4325-8C3C-0DEE2F1CD83E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{29BD9E73-489E-41A6-8F6D-EA2EBF4DA73A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{29E4B85B-F26D-4BDA-8383-D6A7160EF2D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2B913BBF-5923-41C5-84E2-83FBDA8A48A4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2C0EA95A-4A16-408A-A16E-56F3B700D9A9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E4A0070-6CB9-46F3-A7E3-FAB3FD95F579}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2F9D8249-2D51-4D9A-8795-F9FD0B5E6B23}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{396814B2-A067-4DF5-8873-8016806066B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3CA15237-8C5E-403B-9436-E67653937636}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{418D0221-08D7-4282-9486-86704038C05B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{46DB9A96-F2CF-4D7A-A436-A3332CB0F593}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{46FBE3B9-C561-47F9-9C3F-A5B9E3D29641}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{473467BA-99B4-40A2-B0DE-9CB6ABBD6CC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{493FD88F-9496-47FA-A080-488F02A2BBE0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{587DE28F-4622-491E-AFD7-48DA45287757}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63715818-1F54-433D-8BF0-2D14DAE24A2D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7289B1DD-061B-4BD4-A1D3-BAAAE14137B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78C8CC91-AED1-4518-9428-817582AF77F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7DB68DF9-2E90-4092-B89E-505FD06AF75E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82AC3B94-6026-47E1-8C1C-125CE95ED345}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8958F5D0-0C9F-492A-86C5-94D86080C11A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92EE8009-2975-471C-834D-99DE99711101}" = rport=138 | protocol=17 | dir=out | app=system | 
"{941692A4-43EF-405F-860E-EF7CE596D2FB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ABFB4D20-ABFB-4E16-A199-DE6F900C60CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B468B193-E215-4D39-AC42-8BAA36BFA143}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CA8FF65C-DDEA-4055-A306-37BA6C17F0C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB6A667C-8400-4522-9F29-936DAD45C604}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EB9751A8-83AA-41B3-8626-D71A1B76F9D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053E00D0-5471-406F-AECC-6BAF7981EE3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C70A117-1727-45C7-994A-55F5190D85CC}" = protocol=17 | dir=in | app=c:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1F2426BC-8592-45DC-B88A-E45D04FD34B4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{20A19B74-307E-4913-A44B-CD43A2E6817D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{22DDDCA4-E257-45C5-8240-4647682EC033}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DAAE41D-E0D2-44D1-BDB2-50EBD754DA96}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{32FA70AA-D716-482B-8B66-3C14788E038F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{3B2DFC86-0599-4EAB-9AD1-1163B1C2CB8D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{44267228-2658-48AB-8E5F-74EB916B7F00}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E9722C0-A2BB-4D66-BBBA-5FD6324A5926}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4ED40AFE-164F-41A3-8FEC-51BB31E5F6AC}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{4FC3624E-1543-4644-A56C-DCABC756B22C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{55673109-4F44-44E5-ACF3-C63CBB3997D6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{55DA523A-C237-43D2-AF69-A9CD89099AEE}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{61B4FA7F-9D25-4FFB-A597-FDBE3DEC602D}" = protocol=6 | dir=in | app=c:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6F56922E-3EDA-4699-B8E0-A8582936AF88}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{73147348-4EAC-471A-9A5C-0DD881F03CD7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{7B8AEA7C-AC3C-4FAE-B226-ACF52C247C0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8199B47E-DD16-452A-837D-41DC0F976C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8228B1AC-0221-46EC-8594-A13FFBD78F52}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{8A17A772-AE9A-42D6-99B0-73EF4DBD0FA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BF610BF-1A0B-4129-9DEB-185CB8D6E3BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8ECB5200-AD9B-4246-836B-791F8233D4D0}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{9978B0F1-FEDE-4B44-A85C-2CA2681E253F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A3B8AAB-6104-4258-8A29-321C4CF1D05B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A32EBF2D-2EE6-45AC-8DCD-33FE7FC5886B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{AAB1D46F-D483-4E2F-A61C-CC4B566C460C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4B5D6FD-C526-458A-95A2-F075029A77D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB280136-8128-4398-8077-BC04E3E95776}" = protocol=6 | dir=out | app=system | 
"{C10A95CE-1AEB-4E5D-A121-7E64860A3AA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C67C6F8F-269E-479B-8804-9BB47A73E5A4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{E5E1F360-20DD-4F9F-969F-C1BEA64B5B15}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{E7402DC2-8510-4815-A663-9E0A439263E3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{E74A7568-D832-4C3A-80F1-424090115E7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7646F6D-AEA6-448A-9CAB-F9B382829295}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ECE5BD73-0651-4FD3-B4C5-7217BA6A3E82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F193FA95-95D4-4456-8BE2-D804EA2BA747}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{F5F7BE1E-B298-43EA-A952-49E81ED3A42B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F7DC2CAB-866A-494E-A423-EA1BB1DD7B6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{1443A9FE-F133-4B6D-B573-B785D7E4AA4D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{1A7929BF-977C-43BF-AF00-3B19F3C30222}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{2C3C78BE-E319-44F9-B7CC-79491908E084}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2C7C0147-A0BA-4BA6-8D56-A9699D778FD5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{5C7FB2AC-6C58-45E7-8391-F365EE18ADBC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{6EC312E2-C98D-4DE3-AE11-F1D9B7EA3375}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{776F95B6-83F0-4DCE-8EC8-E7930AF0DD90}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{C0590F31-D3CE-41E7-BC5E-9A9DB37E5CEF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DA2A5882-07F5-4D0C-82F6-C487F85229B9}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{DBBA3BDD-67A7-46F5-974D-F4C1E6B580EF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E7867A71-72E4-4721-9FEA-3AE8836D63DE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{F863D3BF-66CE-4B65-BB34-E2A8795AE4F4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{182443C6-207B-445C-BB73-44BC20F0F1D1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{20A7C9A2-3E53-4FB2-971B-CB0C4230E92A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{21F2DA54-FDDB-4400-968E-1D7B03B10CE6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{27401504-893F-488C-BD6B-59A80F3B16B2}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{29F88654-0D46-4EA0-8974-34E1F79A8F61}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{55773670-BA9A-4B7F-B563-0F1A7FDC8718}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8C071D4D-8676-4752-AFD3-4B638CBC40F6}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{A54ED324-9FA8-4D23-87D4-4A8310915F3F}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{ABFC1D86-D53F-4509-B577-242E488DF5B0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BF088909-CC22-4F48-8E72-7CFABB5DF574}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{DC23B5B8-01CB-45E2-BD08-4580AEE0A816}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{E50327DC-28AE-47FF-A599-8BF0BD46A459}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{193FE23B-F8F1-4AD6-86FC-44D245D70D28}" = ArcSoft TotalMedia Extreme
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37327654-EBF7-410C-9161-C24D68E02753}" = Xacti Screen Capture 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"EADM" = EA Download Manager
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"Freeware.de Toolbar" = Freeware.de Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"LG Internet Kit" = LG Internet Kit
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Ocster Backup" = Ocster Backup: Freeware Windows Edition
"posterjack CEWE Fotobuch und Kalender" = posterjack CEWE Fotobuch und Kalender
"Shop for HP Supplies" = Shop for HP Supplies
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.07.2012 17:07:34 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.07.2012 17:07:34 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.07.2012 17:07:34 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 26.07.2012 17:07:34 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.07.2012 02:31:01 | Computer Name = Felix-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WlanNetService.exe, Version 1.1.0.26, Zeitstempel
 0x4cbea834, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00067484,  Prozess-ID 0x2a0, Anwendungsstartzeit
 01cd6bb5190d6c25.
 
Error - 28.07.2012 04:14:23 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.07.2012 19:46:04 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.07.2012 01:20:28 | Computer Name = Felix-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.07.2012 02:27:07 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 03:46:51 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 06:02:47 | Computer Name = Felix-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 18.04.2008 12:48:17 | Computer Name = Felix-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 31.07.2012 02:20:38 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 31.07.2012 02:20:38 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 02:20:50 | Computer Name = Felix-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.07.2012 02:23:08 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 31.07.2012 02:40:16 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 31.07.2012 02:40:17 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 02:42:21 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 31.07.2012 05:52:33 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 31.07.2012 05:52:34 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 31.07.2012 05:54:40 | Computer Name = Felix-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

--- --- ---

t'john · 31.07.2012, 17:54

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found 
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2625848 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&ss=1&affID=100365&mntrId=b81f935c000000000000001bfc45943d 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de 
IE - HKCU\..\SearchScopes\{9B8898B7-5F19-4D41-8A5F-84007F7F4E0B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=386496&p={searchTerms} 
IE - HKCU\..\SearchScopes\{BE90BB3A-E2C8-45C6-A723-95DAB2691096}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 108.166.95.58:8080 
FF - prefs.js..browser.search.defaultenginename: "Yahoo" 
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.suggest.enabled: false 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll` File not found 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
O4 - HKLM..\Run: [Ocster Backup] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe () 
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk = C:\Users\Felix\AppData\Roaming\Microsoft\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe () 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found 
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites) 
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites) 
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites) 
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\Shell - "" = AutoRun 
O33 - MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\Shell\AutoRun\command - "" = D:\pushinst.exe 
O33 - MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\Shell - "" = AutoRun 
O33 - MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe 
O33 - MountPoints2\{44787f46-8090-11dd-a3c8-001bfc45943d}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe 
O33 - MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\Shell - "" = AutoRun 
O33 - MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe 


[2012.07.24 09:18:03 | 004,503,728 | ---- | M] () -- C:\ProgramData\piz_0ef.pad 

[2008.01.16 01:55:51 | 000,001,878 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\aolsearch.xml 
[2011.08.29 17:19:24 | 000,000,925 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\conduit.xml 
[2012.07.02 13:50:31 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-1.xml 
[2008.07.17 14:55:40 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-10.xml 
[2009.07.25 12:54:39 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-11.xml 
[2009.08.23 16:32:45 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-12.xml 
[2009.09.30 08:18:54 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-13.xml 
[2009.11.05 09:22:23 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-14.xml 
[2010.01.06 16:53:02 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-15.xml 
[2010.02.19 10:41:19 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-16.xml 
[2010.04.22 07:52:26 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-17.xml 
[2010.06.27 10:14:05 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-18.xml 
[2010.07.24 08:34:31 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-19.xml 
[2007.12.01 12:53:40 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-2.xml 
[2010.09.17 22:16:52 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-20.xml 
[2010.10.22 08:50:53 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-21.xml 
[2010.11.17 15:18:57 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-22.xml 
[2010.12.11 23:55:39 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-23.xml 
[2011.03.05 16:07:37 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-24.xml 
[2011.03.27 18:24:56 | 000,000,961 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-25.xml 
[2011.03.27 18:26:40 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-26.xml 
[2008.02.08 10:18:03 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-3.xml 
[2008.02.08 11:50:56 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-4.xml 
[2008.03.28 11:54:04 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-5.xml 
[2008.04.18 08:06:25 | 000,000,949 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-6.xml 
[2008.06.18 11:49:22 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-7.xml 
[2008.07.02 07:02:43 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-8.xml 
[2008.07.05 10:13:00 | 000,000,950 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-9.xml 
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin.xml 
 
[2012.07.18 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\UAs 
[2012.07.17 15:12:33 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\xmldm 
[2012.07.17 15:12:32 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\kock 
[2012.07.05 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit 
[2012.07.05 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE 
[2012.07.05 15:02:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2012.07.05 15:02:26 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers 
 
[2012.07.05 15:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft 
[2012.07.05 15:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft 
[2012.07.31 12:10:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BEF6E46-B76E-42DF-A45C-A639D7AB3593}.job 
[2012.07.31 11:58:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.31 11:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.31 11:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.20 16:18:33 | 000,000,034 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\blckdom.res 

[2012.07.17 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\13001.026 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Feli2209 · 01.08.2012, 07:57

anbei die log Datei...

ging wahnsinnig schnell...bin ich nicht gewohnt

All processes killed
========== OTL ==========
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File System32\Drivers\usbaapl.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ deleted successfully.
C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFree.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ not found.
File C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B8898B7-5F19-4D41-8A5F-84007F7F4E0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B8898B7-5F19-4D41-8A5F-84007F7F4E0B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE90BB3A-E2C8-45C6-A723-95DAB2691096}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE90BB3A-E2C8-45C6-A723-95DAB2691096}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=386496" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: false removed from browser.search.update
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems
Prefs.js: de-DE@dictionaries.addons.mozilla.org:2.0.2 removed from extensions.enabledItems
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ not found.
File C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}\ not found.
File C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocster Backup deleted successfully.
C:\Programme\Ocster Backup\bin\backupClient-ox.exe moved successfully.
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk moved successfully.
C:\Users\Felix\AppData\Roaming\Microsoft\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate\ deleted successfully.
Invalid CLSID key: *.windowsupdate
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate\ not found.
Invalid CLSID key: *.windowsupdate
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\update\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windowsupdate.com\download\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15a47284-266b-11e1-9848-001bfc45943d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15a47284-266b-11e1-9848-001bfc45943d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15a47284-266b-11e1-9848-001bfc45943d}\ not found.
File D:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d20d5a9-5f43-11e0-a731-001bfc45943d}\ not found.
File D:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44787f46-8090-11dd-a3c8-001bfc45943d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44787f46-8090-11dd-a3c8-001bfc45943d}\ not found.
File J:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cba05e3a-c807-11e1-856c-bc054306331c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba05e3a-c807-11e1-856c-bc054306331c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cba05e3a-c807-11e1-856c-bc054306331c}\ not found.
File K:\HTC_Sync_Manager_PC.exe not found.
C:\ProgramData\piz_0ef.pad moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\aolsearch.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\conduit.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Felix\AppData\Roaming\UAs folder moved successfully.
C:\Users\Felix\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Felix\AppData\Roaming\kock folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\DVDVideoSoftTB_DE folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\zh-CHT folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\zh-CHS folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\ru-RU folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\pt-PT folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\pl-PL folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\nl-NL folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\ja-JP folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\it-IT folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\fr-FR folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\es-ES folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\de-DE folder moved successfully.
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter folder moved successfully.
C:\Program Files\DVDVideoSoft folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\TB folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\Dll folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\zh-CHT folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\zh-CHS folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\ru-RU folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\pt-PT folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\pl-PL folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\nl-NL folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\ja-JP folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\it-IT folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\fr-FR folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\es-ES folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin\de-DE folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\bin folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft\AskTB folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft folder moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{7BEF6E46-B76E-42DF-A45C-A639D7AB3593}.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Felix\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Felix\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\Felix\AppData\Roaming\13001.026 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Felix\Desktop\cmd.bat deleted successfully.
C:\Users\Felix\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Felix
->Temp folder emptied: 7996736 bytes
->Temporary Internet Files folder emptied: 140003306 bytes
->Java cache emptied: 9752844 bytes
->FireFox cache emptied: 275299698 bytes
->Apple Safari cache emptied: 29780992 bytes
->Opera cache emptied: 18868647 bytes
->Flash cache emptied: 314778 bytes

User: Justina
->Temp folder emptied: 6859314 bytes
->Temporary Internet Files folder emptied: 4754421 bytes
->Java cache emptied: 25493450 bytes
->Flash cache emptied: 405 bytes

User: Lisa Fee
->Temp folder emptied: 799483 bytes
->Temporary Internet Files folder emptied: 640837 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 533435820 bytes
->Flash cache emptied: 1400 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: _ocster_backup_
->Temp folder emptied: 5140 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240649966 bytes
RecycleBin emptied: 136830427 bytes

Total Files Cleaned = 1.365,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Felix
->Flash cache emptied: 0 bytes

User: Justina
->Flash cache emptied: 0 bytes

User: Lisa Fee
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: _ocster_backup_

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08012012_090126

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 01.08.2012, 12:39

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Feli2209 · 02.08.2012, 08:30

also der Rechner läuft seither stabil!!

hier die malware logdatei:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Felix :: FELIX-PC [Administrator]

Schutz: Deaktiviert

02.08.2012 07:53:39
mbam-log-2012-08-02 (07-53-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 559726
Laufzeit: 1 Stunde(n), 28 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und hier noch die log vom adwcleaner:

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 09:28:01
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Felix - FELIX-PC
# Running from : C:\Users\Felix\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Felix\AppData\Local\Babylon
Folder Found : C:\Users\Felix\AppData\Local\Conduit
Folder Found : C:\Users\Felix\AppData\Local\OpenCandy
Folder Found : C:\Users\Felix\AppData\LocalLow\Conduit
Folder Found : C:\Users\Felix\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Felix\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Felix\AppData\Roaming\Babylon
Folder Found : C:\Users\Felix\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\Conduit
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\ConduitCommon
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\CT1351351
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\CT2736476
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Folder Found : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Common Files\spigot
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1351351[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2625848[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB_DE
Key Found : HKLM\SOFTWARE\Freeware.de
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BA3F8-BF81-433E-90F4-EFEC95F491F6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95CED0E1-80CC-4781-895B-7E2416F02706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4D3A948-3147-485B-A4AC-0AD8F7495585}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BFF68F0-477E-420C-9E1E-89DBC114A04E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51F12873-DBD8-4627-A2FD-6527BDE933E4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34EF74C5-8CC9-450D-95B2-10998AF2FDB3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{291BA3F8-BF81-433E-90F4-EFEC95F491F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\prefs.js

Found : user_pref("CT1351351..clientLogIsEnabled", false);
Found : user_pref("CT1351351..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1351351..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1351351.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129453389581694279", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129453389582163031", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129453389582631783", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129453389583100535", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129453389692163103", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129692681900652823", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129780206550191883", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_129790614301634931", true);
Found : user_pref("CT1351351.BrowserCompStateIsOpen_1334738591000", true);
Found : user_pref("CT1351351.CT1351351", "CT1351351");
Found : user_pref("CT1351351.CurrentServerDate", "2-8-2012");
Found : user_pref("CT1351351.DialogsAlignMode", "LTR");
Found : user_pref("CT1351351.DialogsGetterLastCheckTime", "Tue Jul 31 2012 10:10:33 GMT+0200");
Found : user_pref("CT1351351.DownloadReferralCookieData", "");
Found : user_pref("CT1351351.EMailNotifierPollDate", "Fri Jun 01 2012 09:06:14 GMT+0200");
Found : user_pref("CT1351351.FeedLastCount4950394486774855536", 535);
Found : user_pref("CT1351351.FeedPollDate8460841777916979755", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841778168472486", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841778643554710", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841778876838866", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841778890169525", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841779178137355", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841779398821813", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841779877633898", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780034027701", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780158106566", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780370849389", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780396954847", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780472503838", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780496740990", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841780586298584", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781123156425", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781340557443", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781466489004", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781492272645", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781614876293", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781799867075", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781952182700", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781952444844", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781952510380", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781952575916", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedPollDate8460841781952641452", "Wed Apr 13 2011 11:21:34 GMT+0200");
Found : user_pref("CT1351351.FeedTTL8460841778168472486", 5);
Found : user_pref("CT1351351.FeedTTL8460841779398821813", 2);
Found : user_pref("CT1351351.FeedTTL8460841780158106566", 5);
Found : user_pref("CT1351351.FeedTTL8460841780496740990", 5);
Found : user_pref("CT1351351.FeedTTL8460841781340557443", 2);
Found : user_pref("CT1351351.FeedTTL8460841781492272645", 30);
Found : user_pref("CT1351351.FirstServerDate", "13-4-2011");
Found : user_pref("CT1351351.FirstTime", true);
Found : user_pref("CT1351351.FirstTimeFF3", true);
Found : user_pref("CT1351351.FixPageNotFoundErrors", true);
Found : user_pref("CT1351351.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1351351.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1351351.HasUserGlobalKeys", true);
Found : user_pref("CT1351351.HomePageProtectorEnabled", false);
Found : user_pref("CT1351351.HomepageBeforeUnload", "hxxp://www.google.de/");
Found : user_pref("CT1351351.Initialize", true);
Found : user_pref("CT1351351.InitializeCommonPrefs", true);
Found : user_pref("CT1351351.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1351351.InstallationType", "Unknown");
Found : user_pref("CT1351351.InstalledDate", "Wed Apr 13 2011 11:21:25 GMT+0200");
Found : user_pref("CT1351351.InvalidateCache", false);
Found : user_pref("CT1351351.IsAlertDBUpdated", true);
Found : user_pref("CT1351351.IsGrouping", false);
Found : user_pref("CT1351351.IsMulticommunity", false);
Found : user_pref("CT1351351.IsOpenThankYouPage", true);
Found : user_pref("CT1351351.IsOpenUninstallPage", true);
Found : user_pref("CT1351351.LanguagePackLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Found : user_pref("CT1351351.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1351351.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1351351.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:41:48 GMT+0200");
Found : user_pref("CT1351351.LastLogin_3.12.2.3", "Thu May 31 2012 11:21:47 GMT+0200");
Found : user_pref("CT1351351.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:18:09 GMT+0200");
Found : user_pref("CT1351351.LastLogin_3.14.1.0", "Thu Aug 02 2012 07:46:48 GMT+0200");
Found : user_pref("CT1351351.LastLogin_3.3.3.2", "Wed Apr 13 2011 11:21:24 GMT+0200");
Found : user_pref("CT1351351.LatestVersion", "3.14.1.0");
Found : user_pref("CT1351351.Locale", "de-de");
Found : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Found : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Found : user_pref("CT1351351.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1351351.RadioIsPodcast", false);
Found : user_pref("CT1351351.RadioLastCheckTime", "Thu May 31 2012 15:16:17 GMT+0200");
Found : user_pref("CT1351351.RadioLastUpdateIPServer", "3");
Found : user_pref("CT1351351.RadioLastUpdateServer", "128929877726170000");
Found : user_pref("CT1351351.RadioMediaID", "10531746");
Found : user_pref("CT1351351.RadioMediaType", "Media Player");
Found : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT135135110531746");
Found : user_pref("CT1351351.RadioShrinkedFromSetup", false);
Found : user_pref("CT1351351.RadioStationName", "Antenne%20Bayern%20Top%2040");
Found : user_pref("CT1351351.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Found : user_pref("CT1351351.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT1351351.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT1351351.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1351351.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT135[...]
Found : user_pref("CT1351351.SearchInNewTabEnabled", true);
Found : user_pref("CT1351351.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1351351.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 09:24:43 GMT+0200");
Found : user_pref("CT1351351.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1351351.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT1351351.SearchInNewTabUserEnabled", false);
Found : user_pref("CT1351351.SearchProtectorEnabled", false);
Found : user_pref("CT1351351.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1351351.ServiceMapLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Found : user_pref("CT1351351.SettingsLastCheckTime", "Thu Aug 02 2012 07:46:46 GMT+0200");
Found : user_pref("CT1351351.SettingsLastUpdate", "1340631014");
Found : user_pref("CT1351351.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Thu May 31 2012 15:16:15 GMT+0200");
Found : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1331806000");
Found : user_pref("CT1351351.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1351351.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1351351");
Found : user_pref("CT1351351.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1351351.UserID", "UN16511903545124684");
Found : user_pref("CT1351351.ValidationData_Toolbar", 2);
Found : user_pref("CT1351351.WeatherNetwork", "");
Found : user_pref("CT1351351.WeatherPollDate", "Wed Apr 13 2011 11:21:25 GMT+0200");
Found : user_pref("CT1351351.WeatherUnit", "C");
Found : user_pref("CT1351351.alertChannelId", "669");
Found : user_pref("CT1351351.approveUntrustedApps", true);
Found : user_pref("CT1351351.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT1351351.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT1351351.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT1351351.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Found : user_pref("CT1351351.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT1351351.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT1351351.backendstorage./9b+7e06cg5el8:", "6E6D6D6F717370746E74");
Found : user_pref("CT1351351.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747373757779767A747A242F4B4947[...]
Found : user_pref("CT1351351.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT1351351.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT1351351.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT1351351.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Found : user_pref("CT1351351.backendstorage./9b+7e31;cjdjihl@af%peh", "247E61393F236B25767172727A2B222D6F425[...]
Found : user_pref("CT1351351.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT1351351.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT1351351.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT1351351.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT1351351.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT1351351.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT1351351.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT1351351.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT1351351.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT1351351.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT1351351.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT1351351.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT1351351.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT1351351.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT1351351.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT1351351.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT1351351.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT1351351.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT1351351.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT1351351.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT1351351.backendstorage./9b-0?3g>d", "3A673D70703E74407A77487874207D787D7E257B7E22502A53[...]
Found : user_pref("CT1351351.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT1351351.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Found : user_pref("CT1351351.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT1351351.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT1351351.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Found : user_pref("CT1351351.backendstorage./9b5ba==9cjag", "696B3F71716D71727A7472774A4B4C48764D7C507E");
Found : user_pref("CT1351351.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6F717370737776707976");
Found : user_pref("CT1351351.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT1351351.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT1351351.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT1351351.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT1351351.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT1351351.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT1351351.backendstorage.autocompletepro_enable", "31");
Found : user_pref("CT1351351.backendstorage.autocompletepro_enable_auto", "31");
Found : user_pref("CT1351351.backendstorage.ct1351351isadsdisabled", "66616C7365");
Found : user_pref("CT1351351.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Found : user_pref("CT1351351.backendstorage.facebook_mode", "32");
Found : user_pref("CT1351351.backendstorage.facebook_user_locale", "6465");
Found : user_pref("CT1351351.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT1351351.backendstorage.printitgreenstatus", "74727565");
Found : user_pref("CT1351351.backendstorage.shoppingapp.gk.exipres", "546875204A756C20323620323031322031343A[...]
Found : user_pref("CT1351351.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Found : user_pref("CT1351351.backendstorage.ytapp_dailyactivity", "31333032363836343838303438");
Found : user_pref("CT1351351.backendstorage.ytapp_lifetimesent", "54525545");
Found : user_pref("CT1351351.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1351351.globalFirstTimeInfoLastCheckTime", "Thu May 31 2012 15:16:16 GMT+0200");
Found : user_pref("CT1351351.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1351351.initDone", true);
Found : user_pref("CT1351351.isAppTrackingManagerOn", true);
Found : user_pref("CT1351351.isFirstRadioInstallation", false);
Found : user_pref("CT1351351.myStuffEnabled", true);
Found : user_pref("CT1351351.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1351351.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1351351.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1351351.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1351351.oldAppsList", "128325851945531999,128541998593412748,111,129790614301634931,129[...]
Found : user_pref("CT1351351.revertSettingsEnabled", true);
Found : user_pref("CT1351351.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1351351.searchProtectorEnableByLogin", true);
Found : user_pref("CT1351351.testingCtid", "");
Found : user_pref("CT1351351.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Found : user_pref("CT1351351.toolbarContextMenuLastCheckTime", "Thu May 31 2012 15:16:16 GMT+0200");
Found : user_pref("CT1351351.usagesFlag", 2);
Found : user_pref("CT2736476..clientLogIsEnabled", false);
Found : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2736476.CTID", "ct2736476");
Found : user_pref("CT2736476.CurrentServerDate", "2-8-2012");
Found : user_pref("CT2736476.DialogsAlignMode", "LTR");
Found : user_pref("CT2736476.DialogsGetterLastCheckTime", "Tue Jul 31 2012 10:10:35 GMT+0200");
Found : user_pref("CT2736476.DownloadReferralCookieData", "");
Found : user_pref("CT2736476.FeedPollDate129257621460541612", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129257621968979554", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.FeedPollDate129258323135539557", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.FirstServerDate", "15-9-2011");
Found : user_pref("CT2736476.FirstTime", true);
Found : user_pref("CT2736476.FirstTimeFF3", true);
Found : user_pref("CT2736476.FixPageNotFoundErrors", true);
Found : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2736476.HasUserGlobalKeys", true);
Found : user_pref("CT2736476.Initialize", true);
Found : user_pref("CT2736476.InitializeCommonPrefs", true);
Found : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2736476.InstallationId", "ConduitStubGeneric");
Found : user_pref("CT2736476.InstallationType", "ConduitStubIntegration");
Found : user_pref("CT2736476.InstalledDate", "Thu Sep 15 2011 17:18:21 GMT+0200");
Found : user_pref("CT2736476.IsGrouping", false);
Found : user_pref("CT2736476.IsInitSetupIni", true);
Found : user_pref("CT2736476.IsMulticommunity", false);
Found : user_pref("CT2736476.IsOpenThankYouPage", false);
Found : user_pref("CT2736476.IsOpenUninstallPage", true);
Found : user_pref("CT2736476.LanguagePackLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2736476.LastLogin_3.12.2.3", "Tue Jun 05 2012 14:36:37 GMT+0200");
Found : user_pref("CT2736476.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:18:10 GMT+0200");
Found : user_pref("CT2736476.LastLogin_3.14.1.0", "Thu Aug 02 2012 07:46:54 GMT+0200");
Found : user_pref("CT2736476.LastLogin_3.6.0.10", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.LatestVersion", "3.14.1.0");
Found : user_pref("CT2736476.Locale", "de");
Found : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Found : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Found : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2736476.OriginalFirstVersion", "3.6.0.10");
Found : user_pref("CT2736476.RadioIsPodcast", false);
Found : user_pref("CT2736476.RadioMediaID", "21930450");
Found : user_pref("CT2736476.RadioMediaType", "Media Player");
Found : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Found : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Found : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Found : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Found : user_pref("CT2736476.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Found : user_pref("CT2736476.SearchInNewTabEnabled", true);
Found : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2736476.ServiceMapLastCheckTime", "Thu Aug 02 2012 09:25:09 GMT+0200");
Found : user_pref("CT2736476.SettingsLastCheckTime", "Thu Sep 15 2011 17:18:21 GMT+0200");
Found : user_pref("CT2736476.SettingsLastUpdate", "1314704766");
Found : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 17:18:21 GMT+0200");
Found : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Found : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2736476.UserID", "UN71483670291142434");
Found : user_pref("CT2736476.alertChannelId", "1128724");
Found : user_pref("CT2736476.ct2736476.DialogsAlignMode", "LTR");
Found : user_pref("CT2736476.ct2736476.FeedLastCount129257621460541612", 0);
Found : user_pref("CT2736476.ct2736476.FeedLastCount129257621968979554", 0);
Found : user_pref("CT2736476.ct2736476.FeedLastCount129258323135539557", 0);
Found : user_pref("CT2736476.ct2736476.InvalidateCache", false);
Found : user_pref("CT2736476.ct2736476.LanguagePackLastCheckTime", "Wed Aug 01 2012 08:49:17 GMT+0200");
Found : user_pref("CT2736476.ct2736476.Locale", "de");
Found : user_pref("CT2736476.ct2736476.RadioLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200");
Found : user_pref("CT2736476.ct2736476.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2736476.ct2736476.RadioLastUpdateServer", "129570411865130000");
Found : user_pref("CT2736476.ct2736476.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 09:25:10 GMT+0200");
Found : user_pref("CT2736476.ct2736476.SettingsLastCheckTime", "Thu Aug 02 2012 07:46:53 GMT+0200");
Found : user_pref("CT2736476.ct2736476.SettingsLastUpdate", "1343736296");
Found : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 17:18:21 GMT+0200");
Found : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2736476.ct2736476.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200[...]
Found : user_pref("CT2736476.ct2736476.toolbarAppMetaDataLastCheckTime", "Wed Aug 01 2012 08:49:17 GMT+0200"[...]
Found : user_pref("CT2736476.ct2736476.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200"[...]
Found : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2736476.initDone", true);
Found : user_pref("CT2736476.isAppTrackingManagerOn", true);
Found : user_pref("CT2736476.isFirstRadioInstallation", false);
Found : user_pref("CT2736476.myStuffEnabled", true);
Found : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2736476.revertSettingsEnabled", true);
Found : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Found : user_pref("CT2736476.testingCtid", "");
Found : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Thu Sep 15 2011 17:18:21 GMT+0200");
Found : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.undefined", "Thu Sep 15 2011 17:18:22 GMT+0200");
Found : user_pref("CT2736476.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "Freeware.de Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1351351/CT1351351[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2736476/CT2736476[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/669/669/DE", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1351351", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2736476", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1351351",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2736476&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2736476&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1351351/CT1351351[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_deutsch");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Felix\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1351351");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_deutsch");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1351351,CT2736476");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351,CT2736476");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 19:48:42 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 19:01:45 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 16:47:30 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{2ef4833f-b878-4ec9-bb22-490c8ec401a8}");
Found : user_pref("CommunityToolbar.globalUserId", "95869a3f-6302-4f81-b297-487d8cda8899");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1351351");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 31 2012 15:16:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 01 2012 09:01:23 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 31 2012 15:16:19 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "13e5d53c-49b8-4715-82e7-e6ab16ef2ce1");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 21);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "A8953EC9A12F0DE5C5336BF91F22561E");
Found : user_pref("extensions.BabylonToolbar.id", "26ae7d46ef774b91897baeb588226d63");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15174");
Found : user_pref("extensions.BabylonToolbar.lastActv", "21");
Found : user_pref("extensions.BabylonToolbar.lastDP", 21);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.20:19:49");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.sid", "26ae7d46ef774b91897baeb588226d63");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=");

Profile name : default
File : C:\Users\Lisa Fee\AppData\Roaming\Mozilla\Firefox\Profiles\kqitfnk2.default\prefs.js

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Felix\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [43505 octets] - [02/08/2012 09:28:01]

########## EOF - C:\AdwCleaner[R1].txt - [43634 octets] ##########

t'john · 02.08.2012, 12:34

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Feli2209 · 02.08.2012, 13:35

So, jetzt mal Log vom AWDcleaner:

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 14:21:32
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Felix - FELIX-PC
# Running from : C:\Users\Felix\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Felix\AppData\Local\Babylon
Folder Deleted : C:\Users\Felix\AppData\Local\Conduit
Folder Deleted : C:\Users\Felix\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Felix\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Felix\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Felix\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Felix\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Felix\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\Conduit
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\ConduitCommon
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\CT1351351
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\CT2736476
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
Folder Deleted : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Common Files\spigot
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1351351[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2625848[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB_DE
Key Deleted : HKLM\SOFTWARE\Freeware.de
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BA3F8-BF81-433E-90F4-EFEC95F491F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95CED0E1-80CC-4781-895B-7E2416F02706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4D3A948-3147-485B-A4AC-0AD8F7495585}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BFF68F0-477E-420C-9E1E-89DBC114A04E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51F12873-DBD8-4627-A2FD-6527BDE933E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34EF74C5-8CC9-450D-95B2-10998AF2FDB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{291BA3F8-BF81-433E-90F4-EFEC95F491F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\prefs.js

C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\user.js ... Deleted !

Deleted : user_pref("CT1351351..clientLogIsEnabled", false);
Deleted : user_pref("CT1351351..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1351351..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1351351.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129453389581694279", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129453389582163031", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129453389582631783", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129453389583100535", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129453389692163103", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129692681900652823", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129780206550191883", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_129790614301634931", true);
Deleted : user_pref("CT1351351.BrowserCompStateIsOpen_1334738591000", true);
Deleted : user_pref("CT1351351.CT1351351", "CT1351351");
Deleted : user_pref("CT1351351.CurrentServerDate", "2-8-2012");
Deleted : user_pref("CT1351351.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1351351.DialogsGetterLastCheckTime", "Tue Jul 31 2012 10:10:33 GMT+0200");
Deleted : user_pref("CT1351351.DownloadReferralCookieData", "");
Deleted : user_pref("CT1351351.EMailNotifierPollDate", "Fri Jun 01 2012 09:06:14 GMT+0200");
Deleted : user_pref("CT1351351.FeedLastCount4950394486774855536", 535);
Deleted : user_pref("CT1351351.FeedPollDate8460841777916979755", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841778168472486", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841778643554710", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841778876838866", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841778890169525", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841779178137355", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841779398821813", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841779877633898", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780034027701", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780158106566", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780370849389", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780396954847", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780472503838", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780496740990", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841780586298584", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781123156425", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781340557443", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781466489004", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781492272645", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781614876293", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781799867075", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781952182700", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781952444844", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781952510380", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781952575916", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedPollDate8460841781952641452", "Wed Apr 13 2011 11:21:34 GMT+0200");
Deleted : user_pref("CT1351351.FeedTTL8460841778168472486", 5);
Deleted : user_pref("CT1351351.FeedTTL8460841779398821813", 2);
Deleted : user_pref("CT1351351.FeedTTL8460841780158106566", 5);
Deleted : user_pref("CT1351351.FeedTTL8460841780496740990", 5);
Deleted : user_pref("CT1351351.FeedTTL8460841781340557443", 2);
Deleted : user_pref("CT1351351.FeedTTL8460841781492272645", 30);
Deleted : user_pref("CT1351351.FirstServerDate", "13-4-2011");
Deleted : user_pref("CT1351351.FirstTime", true);
Deleted : user_pref("CT1351351.FirstTimeFF3", true);
Deleted : user_pref("CT1351351.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1351351.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1351351.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1351351.HasUserGlobalKeys", true);
Deleted : user_pref("CT1351351.HomePageProtectorEnabled", false);
Deleted : user_pref("CT1351351.HomepageBeforeUnload", "hxxp://www.google.de/");
Deleted : user_pref("CT1351351.Initialize", true);
Deleted : user_pref("CT1351351.InitializeCommonPrefs", true);
Deleted : user_pref("CT1351351.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1351351.InstallationType", "Unknown");
Deleted : user_pref("CT1351351.InstalledDate", "Wed Apr 13 2011 11:21:25 GMT+0200");
Deleted : user_pref("CT1351351.InvalidateCache", false);
Deleted : user_pref("CT1351351.IsAlertDBUpdated", true);
Deleted : user_pref("CT1351351.IsGrouping", false);
Deleted : user_pref("CT1351351.IsMulticommunity", false);
Deleted : user_pref("CT1351351.IsOpenThankYouPage", true);
Deleted : user_pref("CT1351351.IsOpenUninstallPage", true);
Deleted : user_pref("CT1351351.LanguagePackLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Deleted : user_pref("CT1351351.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1351351.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1351351.LastLogin_3.12.0.7", "Wed Apr 25 2012 08:41:48 GMT+0200");
Deleted : user_pref("CT1351351.LastLogin_3.12.2.3", "Thu May 31 2012 11:21:47 GMT+0200");
Deleted : user_pref("CT1351351.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:18:09 GMT+0200");
Deleted : user_pref("CT1351351.LastLogin_3.14.1.0", "Thu Aug 02 2012 11:46:48 GMT+0200");
Deleted : user_pref("CT1351351.LastLogin_3.3.3.2", "Wed Apr 13 2011 11:21:24 GMT+0200");
Deleted : user_pref("CT1351351.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT1351351.Locale", "de-de");
Deleted : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1351351.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1351351.RadioIsPodcast", false);
Deleted : user_pref("CT1351351.RadioLastCheckTime", "Thu May 31 2012 15:16:17 GMT+0200");
Deleted : user_pref("CT1351351.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT1351351.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT1351351.RadioMediaID", "10531746");
Deleted : user_pref("CT1351351.RadioMediaType", "Media Player");
Deleted : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT135135110531746");
Deleted : user_pref("CT1351351.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT1351351.RadioStationName", "Antenne%20Bayern%20Top%2040");
Deleted : user_pref("CT1351351.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Deleted : user_pref("CT1351351.SavedHomepage", "hxxp://www.google.de/");
Deleted : user_pref("CT1351351.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT1351351.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1351351.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT135[...]
Deleted : user_pref("CT1351351.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1351351.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1351351.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 09:24:43 GMT+0200");
Deleted : user_pref("CT1351351.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1351351.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1351351.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT1351351.SearchProtectorEnabled", false);
Deleted : user_pref("CT1351351.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1351351.ServiceMapLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Deleted : user_pref("CT1351351.SettingsLastCheckTime", "Thu Aug 02 2012 14:20:21 GMT+0200");
Deleted : user_pref("CT1351351.SettingsLastUpdate", "1340631014");
Deleted : user_pref("CT1351351.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Thu May 31 2012 15:16:15 GMT+0200");
Deleted : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1331806000");
Deleted : user_pref("CT1351351.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1351351.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1351351");
Deleted : user_pref("CT1351351.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1351351.UserID", "UN16511903545124684");
Deleted : user_pref("CT1351351.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1351351.WeatherNetwork", "");
Deleted : user_pref("CT1351351.WeatherPollDate", "Wed Apr 13 2011 11:21:25 GMT+0200");
Deleted : user_pref("CT1351351.WeatherUnit", "C");
Deleted : user_pref("CT1351351.alertChannelId", "669");
Deleted : user_pref("CT1351351.approveUntrustedApps", true);
Deleted : user_pref("CT1351351.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e06cg5el8:", "6E6D6D6F717370746E74");
Deleted : user_pref("CT1351351.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747373757779767A747A242F4B4947[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e31;cjdjihl@af%peh", "247E61393F236B25767172727A2B222D6F425[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1351351.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT1351351.backendstorage./9b-0?3g>d", "3A673D70703E74407A77487874207D787D7E257B7E22502A53[...]
Deleted : user_pref("CT1351351.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1351351.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT1351351.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT1351351.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1351351.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Deleted : user_pref("CT1351351.backendstorage./9b5ba==9cjag", "696B3F71716D71727A7472774A4B4C48764D7C507E");
Deleted : user_pref("CT1351351.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6D6F717370737776707976");
Deleted : user_pref("CT1351351.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1351351.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1351351.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1351351.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1351351.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1351351.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1351351.backendstorage.autocompletepro_enable", "31");
Deleted : user_pref("CT1351351.backendstorage.autocompletepro_enable_auto", "31");
Deleted : user_pref("CT1351351.backendstorage.ct1351351isadsdisabled", "66616C7365");
Deleted : user_pref("CT1351351.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
Deleted : user_pref("CT1351351.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT1351351.backendstorage.facebook_user_locale", "6465");
Deleted : user_pref("CT1351351.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT1351351.backendstorage.printitgreenstatus", "74727565");
Deleted : user_pref("CT1351351.backendstorage.shoppingapp.gk.exipres", "546875204A756C20323620323031322031343A[...]
Deleted : user_pref("CT1351351.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Deleted : user_pref("CT1351351.backendstorage.ytapp_dailyactivity", "31333032363836343838303438");
Deleted : user_pref("CT1351351.backendstorage.ytapp_lifetimesent", "54525545");
Deleted : user_pref("CT1351351.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1351351.globalFirstTimeInfoLastCheckTime", "Thu May 31 2012 15:16:16 GMT+0200");
Deleted : user_pref("CT1351351.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1351351.initDone", true);
Deleted : user_pref("CT1351351.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1351351.isFirstRadioInstallation", false);
Deleted : user_pref("CT1351351.myStuffEnabled", true);
Deleted : user_pref("CT1351351.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1351351.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1351351.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1351351.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1351351.oldAppsList", "128325851945531999,128541998593412748,111,129790614301634931,129[...]
Deleted : user_pref("CT1351351.revertSettingsEnabled", true);
Deleted : user_pref("CT1351351.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1351351.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1351351.testingCtid", "");
Deleted : user_pref("CT1351351.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 09:24:44 GMT+0200");
Deleted : user_pref("CT1351351.toolbarContextMenuLastCheckTime", "Thu May 31 2012 15:16:16 GMT+0200");
Deleted : user_pref("CT1351351.usagesFlag", 2);
Deleted : user_pref("CT2736476..clientLogIsEnabled", false);
Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2736476.CTID", "ct2736476");
Deleted : user_pref("CT2736476.CurrentServerDate", "2-8-2012");
Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2736476.DialogsGetterLastCheckTime", "Tue Jul 31 2012 10:10:35 GMT+0200");
Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Deleted : user_pref("CT2736476.FeedPollDate129257621460541612", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129257621968979554", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129258323135539557", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.FirstServerDate", "15-9-2011");
Deleted : user_pref("CT2736476.FirstTime", true);
Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Deleted : user_pref("CT2736476.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Deleted : user_pref("CT2736476.Initialize", true);
Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2736476.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT2736476.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT2736476.InstalledDate", "Thu Sep 15 2011 17:18:21 GMT+0200");
Deleted : user_pref("CT2736476.IsGrouping", false);
Deleted : user_pref("CT2736476.IsInitSetupIni", true);
Deleted : user_pref("CT2736476.IsMulticommunity", false);
Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2736476.LastLogin_3.12.2.3", "Tue Jun 05 2012 14:36:37 GMT+0200");
Deleted : user_pref("CT2736476.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:18:10 GMT+0200");
Deleted : user_pref("CT2736476.LastLogin_3.14.1.0", "Thu Aug 02 2012 11:46:53 GMT+0200");
Deleted : user_pref("CT2736476.LastLogin_3.6.0.10", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2736476.Locale", "de");
Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2736476.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2736476.RadioIsPodcast", false);
Deleted : user_pref("CT2736476.RadioMediaID", "21930450");
Deleted : user_pref("CT2736476.RadioMediaType", "Media Player");
Deleted : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Deleted : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2736476.SavedHomepage", "hxxp://www.google.de/");
Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2736476.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Thu Aug 02 2012 14:20:24 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Thu Sep 15 2011 17:18:21 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastUpdate", "1314704766");
Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 17:18:21 GMT+0200");
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Deleted : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2736476.UserID", "UN71483670291142434");
Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Deleted : user_pref("CT2736476.ct2736476.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129257621460541612", 0);
Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129257621968979554", 0);
Deleted : user_pref("CT2736476.ct2736476.FeedLastCount129258323135539557", 0);
Deleted : user_pref("CT2736476.ct2736476.InvalidateCache", false);
Deleted : user_pref("CT2736476.ct2736476.LanguagePackLastCheckTime", "Thu Aug 02 2012 09:25:31 GMT+0200");
Deleted : user_pref("CT2736476.ct2736476.Locale", "de");
Deleted : user_pref("CT2736476.ct2736476.RadioLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200");
Deleted : user_pref("CT2736476.ct2736476.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2736476.ct2736476.RadioLastUpdateServer", "129570411865130000");
Deleted : user_pref("CT2736476.ct2736476.SearchInNewTabLastCheckTime", "Thu Aug 02 2012 09:25:10 GMT+0200");
Deleted : user_pref("CT2736476.ct2736476.SettingsLastCheckTime", "Thu Aug 02 2012 14:20:25 GMT+0200");
Deleted : user_pref("CT2736476.ct2736476.SettingsLastUpdate", "1343736296");
Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastCheck", "Thu Sep 15 2011 17:18:21 GMT+0200");
Deleted : user_pref("CT2736476.ct2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2736476.ct2736476.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200[...]
Deleted : user_pref("CT2736476.ct2736476.toolbarAppMetaDataLastCheckTime", "Thu Aug 02 2012 09:25:31 GMT+0200"[...]
Deleted : user_pref("CT2736476.ct2736476.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 17:18:23 GMT+0200"[...]
Deleted : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.initDone", true);
Deleted : user_pref("CT2736476.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2736476.isFirstRadioInstallation", false);
Deleted : user_pref("CT2736476.myStuffEnabled", true);
Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2736476.revertSettingsEnabled", true);
Deleted : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.testingCtid", "");
Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Thu Sep 15 2011 17:18:21 GMT+0200");
Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.undefined", "Thu Sep 15 2011 17:18:22 GMT+0200");
Deleted : user_pref("CT2736476.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Freeware.de Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1351351/CT1351351[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2736476/CT2736476[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/669/669/DE", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1351351", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2736476", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1351351",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2736476&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2736476&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1351351/CT1351351[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/Idle.GIF", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/mini.gif", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/play.gif", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/stop.gif", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Chrome/volume.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"d12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_deutsch");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Felix\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1351351");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_deutsch");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1351351,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 19:48:42 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 19:01:45 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 16:47:30 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{2ef4833f-b878-4ec9-bb22-490c8ec401a8}");
Deleted : user_pref("CommunityToolbar.globalUserId", "95869a3f-6302-4f81-b297-487d8cda8899");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1351351");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 31 2012 15:16:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 01 2012 09:01:23 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 31 2012 15:16:19 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "13e5d53c-49b8-4715-82e7-e6ab16ef2ce1");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 21);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A8953EC9A12F0DE5C5336BF91F22561E");
Deleted : user_pref("extensions.BabylonToolbar.id", "26ae7d46ef774b91897baeb588226d63");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15174");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "21");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 21);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.20:19:49");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.sid", "26ae7d46ef774b91897baeb588226d63");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=");

Profile name : default
File : C:\Users\Lisa Fee\AppData\Roaming\Mozilla\Firefox\Profiles\kqitfnk2.default\prefs.js

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Felix\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [43636 octets] - [02/08/2012 09:28:01]
AdwCleaner[R2].txt - [43697 octets] - [02/08/2012 14:21:20]
AdwCleaner[S1].txt - [44668 octets] - [02/08/2012 14:21:32]

########## EOF - C:\AdwCleaner[S1].txt - [44797 octets] ##########

t'john · 02.08.2012, 13:40

Emsisoft noch.

Feli2209 · 02.08.2012, 22:12

da is ess...

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.08.2012 14:44:18

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, H:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 02.08.2012 14:45:05

c:\program files\freerip3 gefunden: Trace.File.freerip v3.0!E1
c:\users\felix\appdata\roaming\microsoft\internet explorer\quick launch\freerip.lnk gefunden: Trace.File.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayname gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayicon gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayversion gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: app path gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: icon group gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: setup version gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: user gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installdate gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installlocation gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> nomodify gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> norepair gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> publisher gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> quietuninstallstring gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> uninstallstring gefunden: Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> urlinfoabout gefunden: Trace.Registry.freerip v3.0!E1
C:\Users\Felix\Downloads\Programmdateien\out_xf.exe gefunden: Trojan-Downloader.Win32.Agent!E2

Gescannt 840383
Gefunden 115

Scan Ende: 02.08.2012 22:42:01
Scan Zeit: 7:56:56

C:\Users\Felix\Downloads\Programmdateien\out_xf.exe Quarantäne Trojan-Downloader.Win32.Agent!E2
Value: hkey_current_user\software\mgshareware\freerip3 --> allowmultipleinstances Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autochecknewversion Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> converterusesfilenames Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> beepafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ejectafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> autosearchfreedb Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> filenameformat Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> encodedbypreset Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> defaulttargetformat Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> cddevice Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> flacenc_level Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> forceaspi Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbautochoose1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbemail Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbserver Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freedbtimeout Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> freeripdbautosearch Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> language Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lastregreminderdate Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> lyricswindow_dy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_bitrate Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mainwndcx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writeid3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_writecrcs Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_mode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> mp3enc_vbrquality Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> optionswindow_dy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> outputpath Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyport Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxypwd Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyserver Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> proxyuser Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> readcdtext Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regcode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regname Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> regreminderdays Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> ripvolume Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showsplash Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runscounter Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> uselocaldb Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> runathigherpriority Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> slowspeedmode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> showfullfilename Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> useproxy Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> vorbisenc_quality Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_bitspersample Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_channels Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wavenc_writeinfotags Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wmaenc_mode Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> wndcloseafterrip Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writecdplayerini Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writelrcfile Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3 --> writeplaylist Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> barsize_32772 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate --> version Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar0 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar1 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#0 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> barid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bars Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar2 --> bar#2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> docking Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockbottompos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockid Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockleftpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudockrightpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrudocktoppos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatstyle Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatxpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> mrufloatypos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> xpos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-bar3 --> ypos Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> bars Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screencx Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\barsstate-summary --> screency Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthconv --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 0 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 1 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 2 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 3 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> 4 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\cdgridcolumnwidthrip --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 0 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> 4 Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayname Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\freedbserverlist --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayicon Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_current_user\software\mgshareware\freerip3\filenamedefs --> n Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> displayversion Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: app path Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: icon group Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: setup version Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> inno setup: user Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installdate Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> installlocation Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> nomodify Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> norepair Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> publisher Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> quietuninstallstring Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> uninstallstring Quarantäne Trace.Registry.freerip v3.0!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{501451de-5808-4599-b544-8bd0915b6b24}_is1 --> urlinfoabout Quarantäne Trace.Registry.freerip v3.0!E1
c:\program files\freerip3 Quarantäne Trace.File.freerip v3.0!E1
c:\users\felix\appdata\roaming\microsoft\internet explorer\quick launch\freerip.lnk Quarantäne Trace.File.freerip v3.0!E1

Quarantäne 115

t'john · 03.08.2012, 13:09

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Feli2209 · 03.08.2012, 20:18

hier die log datei von Eset...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2d5f907d533cbe44a3513d323da99c49
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-03 07:14:14
# local_time=2012-08-03 09:14:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 25096370 25096370 0 0
# compatibility_mode=5892 16776573 100 100 41015 181546722 0 0
# compatibility_mode=8192 67108863 100 0 129 129 0 0
# scanned=323645
# found=2
# cleaned=2
# scan_time=7260
C:\Users\Felix\Downloads\Programmdateien\freeripmp3.61-setup.exe Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Users\Felix\Downloads\Programmdateien\registrybooster.exe Variante von Win32/RegistryBooster Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C

t'john · 04.08.2012, 15:29

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte fragen.

ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
Während des Laufs von Combofix nichts anderes am Computer machen!
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
Bitte nicht in dieses Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es wird ein Backup Deiner Registry erstellt.
Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Feli2209 · 05.08.2012, 08:34

Moin Moin,

anbei die Log Datei von ComboFix

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-08-05.02 - Felix 05.08.2012   9:18.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.837 [GMT 2:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Felix\AppData\Roaming\AcroIEHelpe.txt
c:\users\Felix\AppData\Roaming\srvblck5.tmp
c:\users\Felix\gs854w32.exe
c:\users\Felix\gs862w64.exe
c:\users\Felix\SkypeSetupFull.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
H:\autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-05 bis 2012-08-05  ))))))))))))))))))))))))))))))
.
.
2012-08-05 07:25 . 2012-08-05 07:25	--------	d-----w-	c:\users\Felix\AppData\Local\temp
2012-08-03 05:49 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AC7FAE-34C9-4011-AF26-16A7A2FFF2BB}\mpengine.dll
2012-08-02 12:41 . 2012-08-03 16:56	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-07-31 06:53 . 2012-07-31 06:53	--------	d-----w-	c:\users\Felix\AppData\Roaming\Malwarebytes
2012-07-31 06:53 . 2012-07-31 06:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-24 17:42 . 2012-08-04 08:02	--------	d-----w-	c:\users\Felix\AppData\Local\Ocster Backup
2012-07-24 17:42 . 2012-07-24 17:42	--------	d-----w-	c:\programdata\Ocster Backup
2012-07-24 17:42 . 2012-08-04 08:02	--------	d-----w-	c:\program files\Ocster Backup
2012-07-24 12:23 . 2012-07-24 13:37	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-24 06:57 . 2012-07-24 06:57	--------	d-----w-	c:\users\Lisa Fee\AppData\Local\Macromedia
2012-07-24 06:05 . 2009-06-15 14:52	23552	-c--a-w-	c:\programdata\Microsoft\Windows\WER\ReportQueue\Report0f725a3f\lpk.dll
2012-07-18 10:04 . 2012-07-18 10:04	--------	d-----w-	c:\users\Felix\AppData\Roaming\13001.027
2012-07-15 11:10 . 2012-07-31 16:07	--------	d-----r-	c:\users\Felix\Dropbox
2012-07-15 11:09 . 2012-07-15 11:09	--------	d-----w-	c:\program files\Dropbox
2012-07-15 11:08 . 2012-08-01 06:50	--------	d-----w-	c:\users\Felix\AppData\Roaming\Dropbox
2012-07-11 11:27 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 06:57 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:57 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 06:57 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 06:57 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:57 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 06:57 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-07 20:42 . 2012-07-07 20:42	--------	d-----w-	C:\Temp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 09:15 . 2012-04-10 05:56	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-03 09:15 . 2011-05-17 04:58	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 14:32 . 2012-07-05 13:02	405144	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-02 22:19 . 2012-06-22 06:30	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:30	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:29	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:29	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:30	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:30	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:29	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:29	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:29	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-03 06:03	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-09 06:43 . 2011-10-18 06:00	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 06:43 . 2011-10-18 06:00	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-19 18:03 . 2011-08-19 14:57	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-02-01 868352]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Wiederherstellung.lnk - c:\sources\OEM\Recovery\user\delayrun.vbs [2007-9-7 268]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" -bootmode
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\e3ojcy8n.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-05 09:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-08-05  09:27:55
ComboFix-quarantined-files.txt  2012-08-05 07:27
.
Vor Suchlauf: 13 Verzeichnis(se), 334.782.476.288 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 334.706.229.248 Bytes frei
.
- - End Of File - - 2BDB7E57753F04409E1A7F21A721C019

--- --- ---

32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.5
Amazon MP3-Downloader 1.0.15
ArcSoft TotalMedia Extreme
Avira Free Antivirus
AVM FRITZ!WLAN
BufferChm
CameraHelperMsi
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Die Sims™ 3
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
Dropbox
EA Download Manager
erLT
eSupportQFolder
F2200
F2200_Help
Facebook Plug-In
Free YouTube to MP3 Converter version 3.11.25.627
Google Earth Plug-in
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
ICQ Toolbar
ICQ6.5
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LG Internet Kit
LG USB Modem Drivers
Logitech Desktop Messenger
Logitech Updater
Logitech Webcam Software
Logitech Webcam Software-Treiberpaket
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MarketResearch
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 de)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA 3D Vision Controller-Treiber 280.19
NVIDIA 3D Vision Controller Driver
NVIDIA Display Control Panel
NVIDIA Grafiktreiber 280.26
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Systemsteuerung 280.26
NVIDIA Update 1.4.28
NVIDIA Update Components
Platform
posterjack CEWE Fotobuch und Kalender
PSSWCORE
PVSonyDll
QuickTime
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.3
SmartWebPrintingOC
SolutionCenter
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SqrSoft® Advanced Crossfading (remove only)
Status
Streamripper Plugin 1.62.2 (Remove only)
TeamViewer 5
Text-To-Speech-Runtime
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIA Plattform-Geräte-Manager
VideoLAN VLC media player 0.8.6d
VideoToolkit01
WebReg
Winamp
Winamp Erkennungs-Plug-in
Windows Media Player Firefox Plugin
WinRAR
Xacti Screen Capture 1.1

02.08.2012, 13:40	#10
t'john /// Helfer-Team	fe0_zip.exe Fehlermeldung nach Hochfahren Emsisoft noch. __________________ Mfg, t'john Das TB unterstützen

fe0_zip.exe Fehlermeldung nach Hochfahren

Plagegeister aller Art und deren Bekämpfung: fe0_zip.exe Fehlermeldung nach Hochfahren