Attraps.Gen2 kann ich nicht entfernen

Grossknecht · 09.08.2012, 07:29

Hallo zusammen,

stehe vor einem Problem mit Attraps.Gen2. Dieser lässt sich nicht von AntiVir entfernen und taucht immer wieder auf. Hab schon versucht im Forum Hilfe zu finden und bin auch auf einige Themen gestossen. Es wurde aber davon abgeraten die dort geschilderten Maßnahmen am eigenen PC durchzufürhen. Ich hoffe das war so richtig. Vorweg damit ich nicht überfordert werde: ich hab nicht ziemlich viel Ahnung vom PC (bin froh wenn er läuft und ich damit arbeiten kann

) und hoffe auf verständliche Hilfe, damit ich den Plagegeist loswerde. Dafür schon mal Danke.

Nun zum Problem. Seit einiger Zeit findet AntiVir Dateien die sich nicht löschen lassen: Diese sind Atraps.Gen2, attraps.Gen

Wie werd ich diese Dinger los?

t'john · 09.08.2012, 09:45

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

Grossknecht · 09.08.2012, 09:53

Danke für die schnelle Antwort.

Hier der logdatei von maleware:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stephan :: STEPHAN-THINK [Administrator]

09.08.2012 09:13:23
mbam-log-2012-08-09 (10-46-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373060
Laufzeit: 54 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000032.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

t'john · 09.08.2012, 10:02

OTL Logfile?

Grossknecht · 09.08.2012, 11:45

Kommt. dauert noch etwas....

Hier der OTL logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.08.2012 12:47:00 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Stephan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 27,56% Memory free
3,74 Gb Paging File | 1,71 Gb Available in Paging File | 45,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221,95 Gb Total Space | 159,42 Gb Free Space | 71,83% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,72% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 0,01 Gb Free Space | 0,09% Space Free | Partition Type: NTFS
 
Computer Name: STEPHAN-THINK | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stephan\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\jurisprog\juris\juris DVD E-VSF\jportal\jre1.6.0_16\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\jurisprog\juris\juris DVD E-VSF\jportal\apache-tomcat-6.0.20\bin\wrapper.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\tobitclt.dll ()
MOD - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\phonostar-Player\QtCore4.dll ()
MOD - C:\Program Files (x86)\phonostar-Player\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\phonostar-Player\QtGui4.dll ()
MOD - C:\Program Files (x86)\phonostar-Player\QtSql4.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Join Air\UIExec.exe ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (DVD22) -- C:\jurisprog\juris\juris DVD E-VSF\jportal\apache-tomcat-6.0.20\bin\wrapper.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV - (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8DA28173-83DA-474F-B30E-7CBE2B0410DA}
IE:64bit: - HKLM\..\SearchScopes\{8DA28173-83DA-474F-B30E-7CBE2B0410DA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{28E8BEE8-9D76-44C4-80B9-78FDADF595D0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lenovo | MSN
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo - Welcome - Country selection [binary data]
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\SearchScopes,DefaultScope = {28E8BEE8-9D76-44C4-80B9-78FDADF595D0}
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 09:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.17 14:55:43 | 000,000,000 | ---D | M]
 
[2010.08.30 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Extensions
[2012.05.15 10:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\9ein93uj.default\extensions
[2011.06.13 17:36:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\9ein93uj.default\extensions\engine@conduit.com
[2011.12.17 13:49:38 | 000,002,355 | ---- | M] () -- C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\searchplugins\aol-web-search.xml
[2011.12.18 11:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.03 09:28:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.26 19:51:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.26 19:51:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.26 19:51:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.26 19:51:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.26 19:51:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.26 19:51:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003..\Run: [JurisPortalDVD22] C:\jurisprog\juris\juris DVD E-VSF\wget_verk File not found
O4 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A17215C6-8A43-4307-A8EA-55812C98054A}: DhcpNameServer = 192.168.178.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2012.08.09 10:57:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2012.07.13 14:22:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.13 14:22:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.13 14:22:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.13 14:21:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.13 14:21:56 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.27 15:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.27 15:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.27 15:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.27 14:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.24 16:57:53 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.06.23 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Macromedia
[2012.06.23 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.23 14:56:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.23 14:12:42 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.23 14:12:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.23 14:12:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.23 14:12:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.23 14:12:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.23 14:12:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.23 14:12:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.23 14:12:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.23 13:43:00 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Malwarebytes
[2012.06.23 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.23 13:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 16:52:57 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.14 16:52:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 16:52:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 16:52:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 16:52:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 16:52:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 16:52:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 16:49:15 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 16:49:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 16:44:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 16:44:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 16:44:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 16:43:59 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 16:43:58 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 16:43:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 16:40:05 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 16:39:38 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 16:39:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.05.11 15:25:25 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.03 15:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 15:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.02 15:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.04.25 16:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.04.25 16:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.04.25 16:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.04.25 16:30:05 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.25 16:30:05 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.25 16:29:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.11 20:12:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.11 20:12:09 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.11 20:12:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.14 15:48:01 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 15:48:01 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.05 14:25:53 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.03.05 14:25:50 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.03.05 14:25:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.03.05 14:25:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.03.05 14:25:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.03.05 14:25:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.03.05 14:25:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.03.05 14:25:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.03.05 14:25:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.03.05 14:25:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.16 17:56:52 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.16 17:56:52 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.16 17:56:51 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.16 17:56:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.16 17:55:21 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.16 17:55:21 | 000,000,000 | -HSD | C] -- C:\Users\Stephan\AppData\Local\{0fad7129-7c25-c438-408e-33d7642b857e}
[2012.01.16 17:55:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.16 17:55:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.04 13:11:44 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\Sammler
[2011.12.18 19:45:46 | 000,000,000 | ---D | C] -- C:\Users\Stephan\TapinRadio
[2011.12.18 19:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio
[2011.12.18 19:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TapinRadio
[2011.12.18 11:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.18 11:02:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.18 11:02:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.18 11:02:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.17 14:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
[2011.12.17 14:37:01 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2011.12.17 14:37:01 | 003,537,752 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2011.12.17 14:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx
[2011.12.17 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\streamripper
[2011.12.17 13:35:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.12.17 13:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011.12.17 13:33:41 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Winamp
[2011.12.17 13:33:41 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\OpenCandy
[2011.12.17 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011.12.17 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Streamripper
[2011.12.17 13:19:10 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\phonostar GmbH
[2011.12.17 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phonostar-Player
[2011.12.15 17:54:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.15 17:47:36 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.15 17:47:36 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.06 18:30:41 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Desktop\Documents\Zündapp
[2011.10.12 17:24:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 17:24:02 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 17:24:02 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 17:24:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 17:21:45 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 17:21:44 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.04 14:44:00 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Avira
[2011.10.04 14:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.04 14:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011.10.04 14:42:45 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.04 14:42:45 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.04 14:42:44 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.04 14:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.04 14:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.08.23 15:45:47 | 000,000,000 | ---D | C] -- C:\.fop
[2011.08.23 15:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\juris
[2011.08.23 15:36:28 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\juris
[2010.09.17 15:06:30 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files (x86)\tbsoft.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2012.08.09 12:47:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 12:46:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.09 11:10:10 | 001,646,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.09 11:10:10 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.09 11:10:10 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.09 11:10:10 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.09 11:10:10 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.09 10:58:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 10:58:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 10:57:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2012.08.09 10:54:38 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.09 10:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 10:49:53 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.09 08:57:21 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.04 11:52:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.04 11:52:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.02 16:06:50 | 000,013,538 | ---- | M] () -- C:\Users\Stephan\Desktop\bp.htm
[2012.07.13 14:56:00 | 000,456,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.27 15:04:26 | 000,001,229 | ---- | M] () -- C:\Users\Stephan\Desktop\Spybot - Search & Destroy.lnk
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.05.09 16:49:39 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.09 16:49:39 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.04 13:06:22 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.04 12:03:53 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.04 12:03:50 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.02 15:32:54 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.02 15:32:54 | 000,002,065 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:34:27 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.04.24 07:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.04.24 07:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.04.20 07:42:11 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.20 07:42:06 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.20 07:42:06 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.20 07:42:04 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.20 07:00:27 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.20 06:57:41 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.20 06:56:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.17 07:31:18 | 000,918,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.17 06:34:10 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.03.01 08:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.01.19 13:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2012.01.19 13:15:52 | 003,537,752 | ---- | M] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011.12.30 08:26:08 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2011.12.30 07:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2011.12.18 19:45:42 | 000,001,002 | ---- | M] () -- C:\Users\Stephan\Desktop\TapinRadio.lnk
[2011.12.17 13:35:38 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011.11.10 06:54:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.10 06:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.10 06:54:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.10 06:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011.10.26 07:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011.10.26 07:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2011.10.15 08:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.10.04 14:43:37 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.09.13 17:55:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.09.06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.08.27 07:37:49 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.08.27 07:37:48 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.08.23 15:36:46 | 000,001,844 | ---- | M] () -- C:\Users\Stephan\Desktop\juris DVD E-VSF.lnk
[2011.08.17 07:26:46 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.08.17 07:25:08 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.08.17 06:24:12 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.08.17 06:19:27 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.09 12:50:51 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000064.@
[2012.08.09 12:50:49 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000032.@
[2012.08.09 12:49:12 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000008.@
[2012.08.09 12:45:59 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\000000cb.@
[2012.08.09 09:16:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@
[2012.08.02 16:06:49 | 000,013,538 | ---- | C] () -- C:\Users\Stephan\Desktop\bp.htm
[2012.06.27 15:04:26 | 000,001,229 | ---- | C] () -- C:\Users\Stephan\Desktop\Spybot - Search & Destroy.lnk
[2012.06.24 16:44:42 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\L\00000004.@
[2012.06.24 11:54:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000004.@
[2012.06.23 14:56:42 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 16:30:09 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.04.25 16:30:09 | 000,002,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.04.25 16:30:06 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.16 17:55:21 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\@
[2012.01.16 17:55:21 | 000,002,048 | -HS- | C] () -- C:\Users\Stephan\AppData\Local\{0fad7129-7c25-c438-408e-33d7642b857e}\@
[2011.12.18 19:45:42 | 000,001,002 | ---- | C] () -- C:\Users\Stephan\Desktop\TapinRadio.lnk
[2011.12.17 13:35:38 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.10.04 14:43:37 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.08.23 15:36:46 | 000,001,844 | ---- | C] () -- C:\Users\Stephan\Desktop\juris DVD E-VSF.lnk
[2010.09.17 15:12:17 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.09.17 15:06:30 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010.09.17 15:06:30 | 000,006,836 | ---- | C] () -- C:\Program Files (x86)\UNWISE.INI
[2010.08.21 03:18:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

< End of report >

--- --- ---

t'john · 09.08.2012, 13:25

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8DA28173-83DA-474F-B30E-7CBE2B0410DA} 
IE:64bit: - HKLM\..\SearchScopes\{8DA28173-83DA-474F-B30E-7CBE2B0410DA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{28E8BEE8-9D76-44C4-80B9-78FDADF595D0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\SearchScopes,DefaultScope = {28E8BEE8-9D76-44C4-80B9-78FDADF595D0} 
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.google.de" 
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found 
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) 
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found 
O4 - HKU\S-1-5-21-2566526540-745546165-4001725246-1003..\Run: [JurisPortalDVD22] C:\jurisprog\juris\juris DVD E-VSF\wget_verk File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 


[2012.08.09 12:47:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.09 12:46:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.09 10:54:38 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.06.29 23:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job 

[2012.08.09 12:50:51 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000064.@ 
[2012.08.09 12:50:49 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000032.@ 
[2012.08.09 12:49:12 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000008.@ 
[2012.08.09 12:45:59 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\000000cb.@ 
[2012.08.09 09:16:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@ 
[2012.06.24 16:44:42 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\L\00000004.@ 
[2012.06.24 11:54:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000004.@ 
 
[2012.01.16 17:55:21 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\@ 
[2012.01.16 17:55:21 | 000,002,048 | -HS- | C] () -- C:\Users\Stephan\AppData\Local\{0fad7129-7c25-c438-408e-33d7642b857e}\@ 
 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Grossknecht · 09.08.2012, 14:15

OTL verlangte Neustart. AV fand noch den Attrap beim Hochfahren.

Beim Start erschien folgendes Protokoll:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8DA28173-83DA-474F-B30E-7CBE2B0410DA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DA28173-83DA-474F-B30E-7CBE2B0410DA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files (x86)\softonic-de3\prxtbsof0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28E8BEE8-9D76-44C4-80B9-78FDADF595D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28E8BEE8-9D76-44C4-80B9-78FDADF595D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\prxtbsof0.dll not found.
HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\prxtbsof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AcWin7Hlpr deleted successfully.
C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2566526540-745546165-4001725246-1003\Software\Microsoft\Windows\CurrentVersion\Run\\JurisPortalDVD22 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c03e4351-382a-11df-8390-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c03e4351-382a-11df-8390-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c03e4351-382a-11df-8390-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
C:\Windows\SysWow64\ConduitEngine.tmp deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
File C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000064.@ not found.
File C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000032.@ not found.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000008.@ moved successfully.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@ moved successfully.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\L\00000004.@ moved successfully.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000004.@ moved successfully.
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\@ moved successfully.
C:\Users\Stephan\AppData\Local\{0fad7129-7c25-c438-408e-33d7642b857e}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Stephan\Desktop\cmd.bat deleted successfully.
C:\Users\Stephan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martina

User: Public

User: Stephan
->Temp folder emptied: 1093491 bytes
->Temporary Internet Files folder emptied: 69704643 bytes
->Java cache emptied: 357739 bytes
->FireFox cache emptied: 222227455 bytes
->Flash cache emptied: 1204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3257170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Martina

User: Public

User: Stephan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_150415

Files\Folders moved on Reboot...
C:\Users\Stephan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Stephan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john · 10.08.2012, 13:37

Die Frage is WO fand er ihn, wo is das Log?

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Grossknecht · 10.08.2012, 16:36

Hier die log datei des erneuten scans mit maleware. Habe die beiden gefundenen Dateien gelöscht. Im laufenden Betrieb fand Antivir die Attraps.gen, konnte ich diesmal mit AV Antivir entfernen und tauchte bisher nicht wieder auf. Die Antivir logdatei habe ich unter der Maleware- datei angefügt. Adware scan folgt.

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stephan :: STEPHAN-THINK [Administrator]

10.08.2012 16:03:03
mbam-log-2012-08-10 (17-28-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368090
Laufzeit: 1 Stunde(n), 24 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\08092012_150415\C_Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\08092012_150415\C_Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 10. August 2012 15:55

Es wird nach 4077586 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : STEPHAN-THINK

Versionsinformationen:
BUILD.DAT : 12.0.0.1167 40870 Bytes 18.07.2012 19:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 08.08.2012 14:37:18
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 14:49:38
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 14:49:39
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 14:49:39
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 14:35:30
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:54:59
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:11:58
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:10:09
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:09:26
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:09:26
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:09:27
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:09:27
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:09:27
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:09:27
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:09:28
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:09:29
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:09:29
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 10:11:49
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 10:12:19
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 13:17:03
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 14:18:16
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 14:33:17
VBASE019.VDF : 7.11.39.38 2048 Bytes 08.08.2012 14:33:18
VBASE020.VDF : 7.11.39.39 2048 Bytes 08.08.2012 14:33:18
VBASE021.VDF : 7.11.39.40 2048 Bytes 08.08.2012 14:33:18
VBASE022.VDF : 7.11.39.41 2048 Bytes 08.08.2012 14:33:18
VBASE023.VDF : 7.11.39.42 2048 Bytes 08.08.2012 14:33:19
VBASE024.VDF : 7.11.39.43 2048 Bytes 08.08.2012 14:33:19
VBASE025.VDF : 7.11.39.44 2048 Bytes 08.08.2012 14:33:19
VBASE026.VDF : 7.11.39.45 2048 Bytes 08.08.2012 14:33:19
VBASE027.VDF : 7.11.39.46 2048 Bytes 08.08.2012 14:33:20
VBASE028.VDF : 7.11.39.47 2048 Bytes 08.08.2012 14:33:20
VBASE029.VDF : 7.11.39.48 2048 Bytes 08.08.2012 14:33:20
VBASE030.VDF : 7.11.39.49 2048 Bytes 08.08.2012 14:33:20
VBASE031.VDF : 7.11.39.60 36352 Bytes 08.08.2012 14:33:37
Engineversion : 8.2.10.130
AEVDF.DLL : 8.1.2.10 102772 Bytes 13.07.2012 13:16:02
AESCRIPT.DLL : 8.1.4.38 455033 Bytes 03.08.2012 13:19:51
AESCN.DLL : 8.1.8.2 131444 Bytes 05.03.2012 12:13:37
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 15:12:21
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.3.0.24 811381 Bytes 07.08.2012 14:19:19
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 26.07.2012 10:57:43
AEHEUR.DLL : 8.1.4.84 5112182 Bytes 03.08.2012 13:19:45
AEHELP.DLL : 8.1.23.2 258422 Bytes 13.07.2012 13:12:32
AEGEN.DLL : 8.1.5.34 434548 Bytes 26.07.2012 10:56:10
AEEXP.DLL : 8.1.0.74 86387 Bytes 03.08.2012 13:19:52
AEEMU.DLL : 8.1.3.2 393587 Bytes 13.07.2012 13:12:14
AECORE.DLL : 8.1.27.4 201078 Bytes 07.08.2012 14:18:24
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 14:49:37
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 14:49:38
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 14:49:39
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 14:49:38
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 14:49:38
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 14:49:39
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 14:37:20
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 14:49:39
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 14:33:08
RCTEXT.DLL : 12.3.0.31 100088 Bytes 08.08.2012 14:33:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50250be1\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 10. August 2012 15:55

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rfx-tray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'phonostarTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpfnf6r.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rfx-server.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wrapper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@'
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b4bb9c.qua' verschoben!

Ende des Suchlaufs: Freitag, 10. August 2012 15:55
Benötigte Zeit: 00:23 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
45 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
44 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Das ging aber schnell mit dem Adware. Hier die Datei

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 17:38:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephan - STEPHAN-THINK
# Running from : C:\Users\Stephan\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Stephan\AppData\Local\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Stephan\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\Stephan\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\Conduit
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\extensions\engine@conduit.com
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\softonic-de3
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\searchplugins\aol-web-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\softonic-de3
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Das ging aber schnell mit dem Adware. Hier die Datei

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 17:38:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephan - STEPHAN-THINK
# Running from : C:\Users\Stephan\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Stephan\AppData\Local\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Stephan\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\Stephan\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\Conduit
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\extensions\engine@conduit.com
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\softonic-de3
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\searchplugins\aol-web-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\softonic-de3
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

sry war nicht vollständig. Hier das gesamte logfile

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 17:38:19
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephan - STEPHAN-THINK
# Running from : C:\Users\Stephan\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Stephan\AppData\Local\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Stephan\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stephan\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\LocalLow\softonic-de3
Folder Found : C:\Users\Stephan\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\Conduit
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\ConduitEngine
Folder Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\extensions\engine@conduit.com
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\softonic-de3
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\searchplugins\aol-web-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\softonic-de3
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdate
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2AD6F1A-2464-484B-A323-0ABAED1187FB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BAE444C-01D5-49BD-ABBA-DE92372FA515}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60E7F651-E84C-4B1E-A55E-073BCAEC475F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC21B6B5-E56B-4987-B36D-1B29886FFC23}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2AD6F1A-2464-484B-A323-0ABAED1187FB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\prefs.js

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Stephan\\AppData\\Roaming\\Mozilla\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 13 2011 17:36:41 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 01 2011 17:34:06 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 03 2011 13:01:07 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "b5cdeb45-31ec-4808-ba64-9f1be422cf61");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 16 2010 13:44:12 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "333e4a9e-cd7c-4f92-86e7-60d7a904a2e5");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 10 2012 15:47:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon May 14 2012 16:03:26 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon May 14 2012 16:03:18 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "da6e3e3c-7caf-43db-b437-52090a20325e");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jul 11 2011 19:12:17 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Aug 03 2011 13:01:14 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "06/13/2011 18");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Mon Jun 13 2011 17:36:45 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Aug 03 2011 13:01:15 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Aug 03 2011 13:01:18 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Aug 03 2011 13:01:14 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN38053047963541310");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Aug 03 2011 13:01:16 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Aug 03 2011 13:01:16 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("aol_toolbar.surf.date", "5");
Found : user_pref("aol_toolbar.surf.lastDate", "15");
Found : user_pref("aol_toolbar.surf.lastMonth", "4");
Found : user_pref("aol_toolbar.surf.lastYear", "2012");
Found : user_pref("aol_toolbar.surf.month", "5");
Found : user_pref("aol_toolbar.surf.prevMonth", "2254");
Found : user_pref("aol_toolbar.surf.total", "4667");
Found : user_pref("aol_toolbar.surf.week", "5");
Found : user_pref("aol_toolbar.surf.year", "3504");
Found : user_pref("extensions.asktb.AviraIDW-TS", "1320246902691");
Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "LL");
Found : user_pref("extensions.asktb.config-updated", true);
Found : user_pref("extensions.asktb.crumb", "2011.10.04+05.42.30-toolbar003iad-DE-RHVzc2VsZG9yZixHZXJtYW55")[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0028");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Found : user_pref("extensions.asktb.first-restart-after-config-update", true);
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "041004d6-4271-4793-a81c-6970428170f3");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1337071579667");
Found : user_pref("extensions.asktb.last-search-timestamp", "1331462031684");
Found : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.location", "Dusseldorf,Germany");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.o", "APN10023");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "3");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-history-queries", "leistungserschleichung bahn||br-online||konto"[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.14.0.100012");

*************************

AdwCleaner[R1].txt - [20622 octets] - [10/08/2012 17:38:01]
AdwCleaner[R2].txt - [20630 octets] - [10/08/2012 17:38:19]

########## EOF - C:\AdwCleaner[R2].txt - [20759 octets] ##########

t'john · 10.08.2012, 18:27

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Grossknecht · 11.08.2012, 10:49

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 10:45:22
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stephan - STEPHAN-THINK
# Running from : C:\Users\Stephan\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Stephan\AppData\Local\Conduit
Folder Deleted : C:\Users\Stephan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Stephan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stephan\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Stephan\AppData\LocalLow\softonic-de3
Folder Deleted : C:\Users\Stephan\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\Conduit
Folder Deleted : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\ConduitEngine
Folder Deleted : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\extensions\engine@conduit.com
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\softonic-de3
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\searchplugins\aol-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\softonic-de3
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2AD6F1A-2464-484B-A323-0ABAED1187FB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BAE444C-01D5-49BD-ABBA-DE92372FA515}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60E7F651-E84C-4B1E-A55E-073BCAEC475F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC21B6B5-E56B-4987-B36D-1B29886FFC23}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2AD6F1A-2464-484B-A323-0ABAED1187FB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\prefs.js

C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\9ein93uj.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/825452/821260/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2431245",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Stephan\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 13 2011 17:36:41 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 01 2011 17:34:06 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 03 2011 13:01:07 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "b5cdeb45-31ec-4808-ba64-9f1be422cf61");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Sep 16 2010 13:44:12 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "333e4a9e-cd7c-4f92-86e7-60d7a904a2e5");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 10 2012 15:47:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon May 14 2012 16:03:26 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon May 14 2012 16:03:18 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "da6e3e3c-7caf-43db-b437-52090a20325e");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jul 11 2011 19:12:17 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Aug 03 2011 13:01:14 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "06/13/2011 18");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Jun 13 2011 17:36:45 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Aug 03 2011 13:01:15 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Aug 03 2011 13:01:18 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Aug 03 2011 13:01:14 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN38053047963541310");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Aug 03 2011 13:01:16 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Aug 03 2011 13:01:16 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("aol_toolbar.surf.date", "5");
Deleted : user_pref("aol_toolbar.surf.lastDate", "15");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "4");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "5");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "2254");
Deleted : user_pref("aol_toolbar.surf.total", "4667");
Deleted : user_pref("aol_toolbar.surf.week", "5");
Deleted : user_pref("aol_toolbar.surf.year", "3504");
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1320246902691");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "LL");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.10.04+05.42.30-toolbar003iad-DE-RHVzc2VsZG9yZixHZXJtYW55")[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0028");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "041004d6-4271-4793-a81c-6970428170f3");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1337071579667");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1331462031684");
Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Dusseldorf,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "APN10023");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-history-queries", "leistungserschleichung bahn||br-online||konto"[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.14.0.100012");

*************************

AdwCleaner[R1].txt - [20622 octets] - [10/08/2012 17:38:01]
AdwCleaner[R2].txt - [20683 octets] - [10/08/2012 17:38:19]
AdwCleaner[R3].txt - [20744 octets] - [11/08/2012 10:45:05]
AdwCleaner[S1].txt - [18614 octets] - [11/08/2012 10:45:22]

########## EOF - C:\AdwCleaner[S1].txt - [18743 octets] ##########

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 11.08.2012 11:54:53

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 11.08.2012 11:55:15

Key: hkey_current_user\software\toolbar gefunden: Trace.Registry.websearchtoolbar!E1
Key: hkey_local_machine\software\toolbar gefunden: Trace.Registry.websearchtoolbar!E1
C:\_OTL\MovedFiles\08092012_150415\C_Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\80000000.@ gefunden: Backdoor.Win64.AMN!E1
C:\_OTL\MovedFiles\08092012_150415\C_Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000004.@ gefunden: Trojan.Win64!E2
C:\Windows\Installer\{0fad7129-7c25-c438-408e-33d7642b857e}\U\00000004.@ gefunden: Trojan.Win64!E2
C:\Windows\assembly\GAC_64\Desktop.ini gefunden: Trojan.Win64!E2
C:\Windows\assembly\GAC_32\Desktop.ini gefunden: Trojan.Win32.Sirefef!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 10.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\7\66\551C4d01 gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 10.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\7\66\551C4d01 -> unnamed gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 10.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\7\F6\FB6BAd01 -> unnamed gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 10.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\7\F6\FB6BAd01 gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 2.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\0\CB\1232Cd01 -> unnamed gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 2.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\0\CB\1232Cd01 gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 9.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\6\7A\A9926d01 gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 8.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\6\1E\3705Ad01 -> unnamed gefunden: AdWare.JS.Pornpop!E2
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 8.zip -> C\Users\Stephan\AppData\Local\Mozilla\Firefox\Profiles\9ein93uj.default\Cache\6\1E\3705Ad01 gefunden: AdWare.JS.Pornpop!E2

Gescannt 618615
Gefunden 16

Scan Ende: 11.08.2012 13:27:31
Scan Zeit: 1:32:16

t'john · 11.08.2012, 14:50

Bite ein Scan mit: http://www.trojaner-board.de/114276-...s-remover.html

Grossknecht · 12.08.2012, 08:42

C:\Windows\system32\ntoskrnl.exe OK
C:\Windows\system32\hal.dll OK
C:\Windows\system32\kdcom.dll OK
C:\Windows\system32\mcupdate_GenuineIntel.dll OK
C:\Windows\system32\PSHED.dll OK
C:\Windows\system32\CLFS.SYS OK
C:\Windows\system32\CI.dll OK
C:\Windows\system32\drivers\Wdf01000.sys OK
C:\Windows\system32\drivers\WDFLDR.SYS OK
C:\Windows\system32\drivers\ACPI.sys OK
C:\Windows\system32\drivers\WMILIB.SYS OK
C:\Windows\system32\drivers\msisadrv.sys OK
C:\Windows\system32\drivers\pci.sys OK
C:\Windows\system32\drivers\vdrvroot.sys OK
C:\Windows\System32\drivers\partmgr.sys OK
C:\Windows\system32\DRIVERS\compbatt.sys OK
C:\Windows\system32\DRIVERS\BATTC.SYS OK
C:\Windows\system32\drivers\volmgr.sys OK
C:\Windows\System32\drivers\volmgrx.sys OK
C:\Windows\System32\drivers\mountmgr.sys OK
C:\Windows\system32\DRIVERS\iaStor.sys OK
C:\Windows\system32\drivers\atapi.sys OK
C:\Windows\system32\drivers\ataport.SYS OK
C:\Windows\system32\drivers\msahci.sys OK
C:\Windows\system32\drivers\PCIIDEX.SYS OK
C:\Windows\system32\drivers\amdxata.sys OK
C:\Windows\system32\drivers\fltmgr.sys OK
C:\Windows\system32\drivers\fileinfo.sys OK
C:\Windows\System32\Drivers\PxHlpa64.sys OK
C:\Windows\System32\Drivers\Ntfs.sys OK
C:\Windows\System32\Drivers\msrpc.sys OK
C:\Windows\System32\Drivers\ksecdd.sys OK
C:\Windows\System32\Drivers\cng.sys OK
C:\Windows\System32\drivers\pcw.sys OK
C:\Windows\System32\Drivers\Fs_Rec.sys OK
C:\Windows\system32\drivers\ndis.sys OK
C:\Windows\system32\drivers\NETIO.SYS OK
C:\Windows\System32\Drivers\ksecpkg.sys OK
C:\Windows\System32\drivers\tcpip.sys OK
C:\Windows\System32\drivers\fwpkclnt.sys OK
C:\Windows\system32\drivers\volsnap.sys OK
C:\Windows\System32\DRIVERS\ApsHM64.sys OK
C:\Windows\System32\Drivers\spldr.sys OK
C:\Windows\System32\drivers\rdyboost.sys OK
C:\Windows\System32\DRIVERS\Apsx64.sys OK
C:\Windows\System32\Drivers\mup.sys OK
C:\Windows\System32\drivers\hwpolicy.sys OK
C:\Windows\System32\DRIVERS\fvevol.sys OK
C:\Windows\system32\DRIVERS\disk.sys OK
C:\Windows\system32\DRIVERS\CLASSPNP.SYS OK
C:\Windows\system32\drivers\cdrom.sys OK
C:\Windows\System32\Drivers\Null.SYS OK
C:\Windows\System32\Drivers\Beep.SYS OK
C:\Windows\System32\drivers\vga.sys OK
C:\Windows\System32\drivers\VIDEOPRT.SYS OK
C:\Windows\System32\drivers\watchdog.sys OK
C:\Windows\System32\DRIVERS\RDPCDD.sys OK
C:\Windows\system32\drivers\rdpencdd.sys OK
C:\Windows\system32\drivers\rdprefmp.sys OK
C:\Windows\System32\Drivers\Msfs.SYS OK
C:\Windows\System32\Drivers\Npfs.SYS OK
C:\Windows\system32\DRIVERS\tdx.sys OK
C:\Windows\system32\DRIVERS\TDI.SYS OK
C:\Windows\system32\drivers\afd.sys OK
C:\Windows\System32\DRIVERS\netbt.sys OK
C:\Windows\system32\drivers\ws2ifsl.sys OK
C:\Windows\system32\DRIVERS\wfplwf.sys OK
C:\Windows\system32\DRIVERS\pacer.sys OK
C:\Windows\system32\DRIVERS\vwififlt.sys OK
C:\Windows\system32\DRIVERS\netbios.sys OK
C:\Windows\system32\DRIVERS\wanarp.sys OK
C:\Windows\System32\drivers\Tppwr64v.sys OK
C:\Windows\system32\drivers\termdd.sys OK
C:\Windows\system32\DRIVERS\rdbss.sys OK
C:\Windows\system32\drivers\nsiproxy.sys OK
C:\Windows\system32\drivers\mssmbios.sys OK
C:\Windows\system32\DRIVERS\smiifx64.sys OK
C:\Windows\System32\drivers\discache.sys OK
C:\Windows\System32\Drivers\dfsc.sys OK
C:\Windows\system32\DRIVERS\blbdrive.sys OK
C:\Windows\system32\DRIVERS\avkmgr.sys OK
C:\Windows\system32\DRIVERS\avipbb.sys OK
C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys OK
C:\Windows\system32\DRIVERS\tunnel.sys OK
C:\Windows\system32\DRIVERS\igdkmd64.sys OK
C:\Windows\System32\drivers\dxgkrnl.sys OK
C:\Windows\System32\drivers\dxgmms1.sys OK
C:\Windows\system32\DRIVERS\usbuhci.sys OK
C:\Windows\system32\DRIVERS\USBPORT.SYS OK
C:\Windows\system32\DRIVERS\usbehci.sys OK
C:\Windows\system32\drivers\HDAudBus.sys OK
C:\Windows\system32\DRIVERS\jmcr.sys OK
C:\Windows\system32\DRIVERS\SCSIPORT.SYS OK
C:\Windows\system32\DRIVERS\NETw5s64.sys OK
C:\Windows\system32\DRIVERS\vwifibus.sys OK
C:\Windows\system32\DRIVERS\Rt64win7.sys OK
C:\Windows\system32\drivers\i8042prt.sys OK
C:\Windows\system32\drivers\kbdclass.sys OK
C:\Windows\system32\DRIVERS\SynTP.sys OK
C:\Windows\system32\DRIVERS\USBD.SYS OK
C:\Windows\system32\DRIVERS\mouclass.sys OK
C:\Windows\system32\DRIVERS\ibmpmdrv.sys OK
C:\Windows\system32\DRIVERS\intelppm.sys OK
C:\Windows\system32\DRIVERS\CmBatt.sys OK
C:\Windows\system32\drivers\wmiacpi.sys OK
C:\Windows\system32\drivers\CompositeBus.sys OK
C:\Windows\system32\DRIVERS\AgileVpn.sys OK
C:\Windows\system32\DRIVERS\rasl2tp.sys OK
C:\Windows\system32\DRIVERS\ndistapi.sys OK
C:\Windows\system32\DRIVERS\ndiswan.sys OK
C:\Windows\system32\DRIVERS\raspppoe.sys OK
C:\Windows\system32\DRIVERS\raspptp.sys OK
C:\Windows\system32\DRIVERS\rassstp.sys OK
C:\Windows\system32\DRIVERS\psadd.sys OK
C:\Windows\system32\drivers\swenum.sys OK
C:\Windows\system32\drivers\ks.sys OK
C:\Windows\system32\drivers\umbus.sys OK
C:\Windows\system32\DRIVERS\usbhub.sys OK
C:\Windows\System32\Drivers\NDProxy.SYS OK
C:\Windows\system32\drivers\RTKVHD64.sys OK
C:\Windows\system32\drivers\portcls.sys OK
C:\Windows\system32\drivers\drmk.sys OK
C:\Windows\system32\drivers\ksthunk.sys OK
C:\Windows\system32\drivers\IntcHdmi.sys OK
C:\Windows\System32\win32k.sys OK
C:\Windows\System32\drivers\Dxapi.sys OK
C:\Windows\system32\DRIVERS\hidusb.sys OK
C:\Windows\system32\DRIVERS\HIDCLASS.SYS OK
C:\Windows\system32\DRIVERS\HIDPARSE.SYS OK
C:\Windows\system32\DRIVERS\mouhid.sys OK
C:\Windows\system32\DRIVERS\usbccgp.sys OK
C:\Windows\System32\Drivers\usbvideo.sys OK
C:\Windows\system32\DRIVERS\monitor.sys OK
C:\Windows\System32\TSDDD.dll OK
C:\Windows\System32\cdd.dll OK
C:\Windows\system32\DRIVERS\cdfs.sys OK
C:\Windows\System32\Drivers\crashdmp.sys OK
C:\Windows\System32\Drivers\dump_iaStor.sys Not Found
C:\Windows\System32\Drivers\dump_dumpfve.sys Not Found
C:\Windows\system32\drivers\luafv.sys OK
C:\Windows\system32\DRIVERS\avgntflt.sys OK
C:\Windows\system32\drivers\WudfPf.sys OK
C:\Windows\system32\DRIVERS\lltdio.sys OK
C:\Windows\system32\DRIVERS\nwifi.sys OK
C:\Windows\system32\DRIVERS\ndisuio.sys OK
C:\Windows\system32\DRIVERS\rspndr.sys OK
C:\Windows\system32\drivers\HTTP.sys OK
C:\Windows\System32\DRIVERS\srvnet.sys OK
C:\Windows\system32\DRIVERS\bowser.sys OK
C:\Windows\system32\DRIVERS\mrxsmb.sys OK
C:\Windows\system32\DRIVERS\mrxsmb10.sys OK
C:\Windows\system32\DRIVERS\mrxsmb20.sys OK
C:\Windows\System32\DRIVERS\srv2.sys OK
C:\Windows\System32\DRIVERS\srv.sys OK
C:\Windows\system32\DRIVERS\vwifimp.sys OK
C:\Windows\system32\drivers\peauth.sys OK
C:\Windows\System32\Drivers\secdrv.SYS OK
C:\Windows\System32\drivers\tcpipreg.sys OK
C:\Windows\system32\drivers\mbam.sys OK
C:\Windows\system32\DRIVERS\USBSTOR.SYS OK
C:\Windows\System32\Drivers\fastfat.SYS OK
C:\Windows\system32\DRIVERS\WUDFRd.sys OK
C:\Windows\system32\drivers\rm.sys Not Found
C:\Windows\System32\ntdll.dll OK
C:\Windows\System32\smss.exe OK
C:\Windows\System32\apisetschema.dll OK
C:\Windows\System32\autochk.exe OK
C:\Windows\System32\msvcrt.dll OK
C:\Windows\System32\comdlg32.dll OK
C:\Windows\System32\setupapi.dll OK
C:\Windows\System32\ws2_32.dll OK
C:\Windows\System32\psapi.dll OK
C:\Windows\System32\user32.dll OK
C:\Windows\System32\wininet.dll OK
C:\Windows\System32\urlmon.dll OK
C:\Windows\System32\shlwapi.dll OK
C:\Windows\System32\oleaut32.dll OK
C:\Windows\System32\gdi32.dll OK
C:\Windows\System32\clbcatq.dll OK
C:\Windows\System32\msctf.dll OK
C:\Windows\System32\normaliz.dll OK
C:\Windows\System32\sechost.dll OK
C:\Windows\System32\nsi.dll OK
C:\Windows\System32\advapi32.dll OK
C:\Windows\System32\lpk.dll OK
C:\Windows\System32\imm32.dll OK
C:\Windows\System32\iertutil.dll OK
C:\Windows\System32\difxapi.dll OK
C:\Windows\System32\rpcrt4.dll OK
C:\Windows\System32\shell32.dll OK
C:\Windows\System32\Wldap32.dll OK
C:\Windows\System32\usp10.dll OK
C:\Windows\System32\kernel32.dll OK
C:\Windows\System32\ole32.dll OK
C:\Windows\System32\imagehlp.dll OK
C:\Windows\System32\wintrust.dll OK
C:\Windows\System32\comctl32.dll OK
C:\Windows\System32\crypt32.dll OK
C:\Windows\System32\devobj.dll OK
C:\Windows\System32\KernelBase.dll OK
C:\Windows\System32\cfgmgr32.dll OK
C:\Windows\System32\msasn1.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\InprocServer32 OK
{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 OK
C:\Windows\system32\services.exe OK
Removing C:\Windows\assembly\temp ...
Work complete.

-- EOF --

t'john · 12.08.2012, 14:49

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Grossknecht · 13.08.2012, 17:24

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=12901d53317840498975222079be58fb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-13 04:18:17
# local_time=2012-08-13 06:18:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 61001700 61001700 0 0
# compatibility_mode=1792 16777215 100 0 27134348 27134348 0 0
# compatibility_mode=5893 16776574 66 94 4049340 96496360 0 0
# compatibility_mode=8192 67108863 100 0 4065181 4065181 0 0
# scanned=181559
# found=3
# cleaned=2
# scan_time=8187
C:\Users\Stephan\Downloads\SoftonicDownloader35819.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Q:\STEPHAN-THINK\Backup Set 2012-04-10 154448\Backup Files 2012-04-10 154448\Backup files 20.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Sirefef.EZ trojan 00000000000000000000000000000000 I

09.08.2012, 10:02	#4
t'john /// Helfer-Team	Attraps.Gen2 kann ich nicht entfernen OTL Logfile? __________________ Mfg, t'john Das TB unterstützen

11.08.2012, 14:50	#12
t'john /// Helfer-Team	Attraps.Gen2 kann ich nicht entfernen Bite ein Scan mit: http://www.trojaner-board.de/114276-...s-remover.html __________________ Mfg, t'john Das TB unterstützen

Attraps.Gen2 kann ich nicht entfernen

Log-Analyse und Auswertung: Attraps.Gen2 kann ich nicht entfernen