
Log analysis and evaluation: Completely removing GVU Trojan 2.07


27.08.2012, 12:24   #1
H2FO
 



Hello forum,

a friend of mine has a Win 7 Home Premium PC and has caught a version of the BKA Trojan. According to her, it is version 2.07 of the GVU Trojan.

Following the instructions on the site bka-trojaner.de, I ran Kaspersky and removed the files it found. When I restart the computer now, a message still appears saying that the file "C:\Users\Franzi\AppData\Local\Temp\Soap0_wsdl.exe" cannot be found, which is a good thing. Somewhere there must still be an entry for starting the program that I have overlooked.

Attached are the logs from OTL.

Can you help me and her?

Regards,
H2FO

Code:
OTL logfile created on: 27.08.2012 12:14:57 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,54% Memory free
7,71 Gb Paging File | 5,77 Gb Available in Paging File | 74,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 15,91 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 89,32 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive E: | 267,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Franzi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (BandLuxe_Service) -- C:\Program Files (x86)\o2 Verbindungsmanager\BRService.exe (BandRich Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (SPUVCbv) -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys (Digital Camera)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (br3gmdm) -- C:\Windows\SysNative\drivers\br3gmdm.sys (BandRich Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=kno&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb68?u=92541563673099595
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\InprocServer32 File not found
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=kno&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541563673099595
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 12:47:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.04 12:47:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:32:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.04 12:47:51 | 000,000,000 | ---D | M]
 
[2010.10.01 19:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions
[2012.07.24 21:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions
[2010.10.01 18:28:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.01 10:41:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.07.24 21:28:33 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
[2011.05.16 19:51:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 17:23:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.11 19:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\nostmp
[2012.08.02 19:29:47 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin-4.xml
[2008.07.10 19:03:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin-5.xml
[2008.07.16 20:53:47 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin-6.xml
[2008.10.25 18:10:21 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin-7.xml
[2008.11.13 12:10:29 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin-8.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\searchplugins\icqplugin.xml
[2012.04.06 10:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.04 16:49:39 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLNB1R7M.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011.10.30 16:41:32 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLNB1R7M.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.18 18:32:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 13:14:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.11 14:39:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 14:39:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.11 14:39:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.31 16:29:55 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.11 14:39:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 14:39:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 14:39:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\Shell - "" = AutoRun
O33 - MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\Shell\AutoRun\command - "" = F:\AUTORUN_o2Surfstick.exe /EjectCDROM
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 12:12:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.08.17 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2012.08.17 14:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 14:20:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.17 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.17 14:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.09 22:17:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.08.05 15:35:21 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\UAs
[2012.08.02 20:13:27 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\xmldm
[2012.08.02 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\kock
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 12:14:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 12:14:16 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 12:13:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.27 12:13:07 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.27 12:13:07 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.27 12:13:07 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.27 12:13:07 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 12:11:14 | 000,000,000 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2012.08.27 12:07:26 | 000,050,477 | ---- | M] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2012.08.27 12:02:30 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.17 14:27:56 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 14:22:02 | 000,002,304 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.08.17 14:21:57 | 000,001,493 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.08.17 12:19:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.08.15 16:39:57 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.08.09 22:47:07 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.09 21:13:03 | 000,699,164 | ---- | M] () -- C:\Users\Franzi\Desktop\Unbenannt.png
[2012.08.09 20:11:03 | 000,001,889 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 12:11:14 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2012.08.27 12:10:41 | 000,050,477 | ---- | C] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2012.08.17 14:20:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.09 21:13:02 | 000,699,164 | ---- | C] () -- C:\Users\Franzi\Desktop\Unbenannt.png
[2012.08.09 20:11:03 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.09 20:11:03 | 000,001,889 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.05.02 17:56:51 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2011.09.24 12:44:21 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.02.13 21:22:56 | 000,000,859 | ---- | C] () -- C:\Users\Franzi\.recently-used.xbel
[2011.02.01 00:22:16 | 000,000,473 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\Poladroid prefs.plist
[2010.11.24 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2010.10.09 18:53:10 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.10.01 22:12:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.01 21:49:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.10.01 15:31:56 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.08.03 06:28:02 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007.09.26 19:51:27 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\hpothb07.tif
[2007.09.26 19:51:27 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\hpothb07.dat

< End of report >
         
Code:
OTL Extras logfile created on: 27.08.2012 12:14:57 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,54% Memory free
7,71 Gb Paging File | 5,77 Gb Available in Paging File | 74,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 15,91 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 89,32 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive E: | 267,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum EasyBook] -- "C:\Program Files (x86)\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum EasyBook] -- "C:\Program Files (x86)\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF94C4F-2FEF-43D5-84B1-F0F4A195DD44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{272A3348-E434-4555-9415-FEE3058E907C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2F59C994-BD3F-4F85-B9BE-EB7BB2330C1F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34D7E33B-5F0C-4221-BA4A-0907F62FB22B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{40E81E7D-B561-4BB9-8795-2BB44540948B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C8BC9F7-BB29-4DD8-8D27-6E5D0A58E64D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5EA60375-E390-4568-82BF-6DE831D30D85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5EEA5673-B3E4-45BF-BFC8-E01802A9435B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{66364D39-BE83-41BF-9CF3-70481F7347E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6AFC0A03-D2D2-4423-B00A-E26278F9028D}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{722EF586-D872-457E-9B01-5173B86BA183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7E3E4BB7-A713-414A-BA67-7953733EC8C5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{8056DF38-8B67-4B0F-92C2-F75EF5F1ABB6}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{82BF8E13-9D94-4CCD-91A5-7E9F8E40F18B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A72B179-6BB2-416E-A8CF-4223FB9184CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{92EB09E1-C849-42A4-9F46-1E4FB59C3CE0}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{96E489A2-8B55-4842-845D-B0953435F681}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{998A408E-9FBF-4845-AACA-234B0AF900E1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9DC3FB2C-AF60-4CD5-819B-9D3FCCD76882}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A01A3D81-D555-4710-BEE1-C5FAF19E3881}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4C5F347-848F-4E8A-B025-A50A51AAA75E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AADD031F-D234-4B91-BCB3-A9AE5E6CC915}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C8B48B8B-FAE2-4EB1-8FC8-2714C82D34AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB15AB3E-70C0-441D-82FA-0D31D54E01C9}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{D66E331F-55BC-40D1-912A-9FBC54C87985}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D8A08BEB-2C58-46F6-8C35-8059C03950B0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2457732-FD26-40D7-8E24-79D505F06BE6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8D0E83F-E54D-4E4A-AC69-96DA1AEC5652}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA0C9871-DB5F-4E73-BBD5-65B6933CB55F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{EF77C32F-FAE5-410B-BB21-B60B342265CE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F0354843-1CE9-471B-8B8F-30040B263373}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F494D336-0DB0-4140-A9B4-556F20367C0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBD790F1-F58A-492E-A6D5-222FCD23BFFF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CB8E6D-D1A1-40D2-9432-788EC9C26A39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{089C2ED8-15A6-4A00-A76E-28B5BB8D7B47}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{09112BD3-BB5A-419D-A09A-CC4F59577A3D}" = protocol=6 | dir=out | app=system | 
"{09D2B0E1-9A3B-4694-A46B-2882C0458B9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0C7EA374-ABD1-4A3E-A2AF-898103265641}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0CABFD3E-856A-4556-B329-E6014C2A86C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{154170D3-E337-4B4D-AE54-381B6EE2539F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B9EC4DF-D3DD-4993-BAA9-33DF77C3F021}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{244D7670-DEA0-45DF-8C68-3BC6B1037AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{295A2360-64A9-4560-892E-A26197754AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{2BE87CE7-B9FC-45E4-B6B3-91AA4ACD5176}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2EEBA0C3-B3CF-4EE9-B3F9-A99F0F0EC716}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3052C228-86E1-445E-A083-270C37D8772E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{347582A2-A1BB-4333-9C4A-48DB7CC6D5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37518A76-BC03-42DF-BCAA-413B6C9B27A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{38544D2A-4C93-461C-8E3E-4BFD7F399FE3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42A08E7E-FD92-4A52-AA7A-5E303B505DA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{435B9CCC-5737-4214-93E7-8849AAA2444B}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{451E64FB-C811-47D7-B7B0-C42F5922280C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F2DF5B3-DA45-4F10-9888-1708D5AA84CE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{553DB690-6C2A-4D37-9AC1-C5F9BD8F8024}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{599D9A58-6A1E-43AF-9B3D-CFD5F1F6C3C5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5A415F7C-DEFB-4E84-8850-858D19B3790F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5DEF7C29-E954-4306-B6B1-7C74EE748362}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5F7E3723-C38A-4CAF-8661-64005137DF3A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{605D44A7-F9EB-4E79-BA1F-755E4D759095}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6824C8B2-ED19-4A47-869B-BFB34F797962}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72E098AD-09A9-4BCA-8616-96FFB74A4A4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{74F0EDC3-23C1-4408-BF14-6C244CF643D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C1ECC32-F6AC-4DFB-ABC6-C8621E21DACB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7D8CA4F1-5168-456E-8F21-4A4292A2CBB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7E4D92AA-C500-4198-A1D6-9251356BD08D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A9EEDE4-E79A-469C-9876-4D466147D2F1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8DB4154E-F9EE-49B7-93A4-C846E750330C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{93C41A60-355A-4297-999F-B83F8332FC34}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9BF7A627-64D6-4DEC-A53E-80B0F0DA14E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9EE8C230-AB11-4A0E-BCFA-4833261CA300}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9EF6C67B-799A-427B-94A5-140054509A85}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{AA8631D8-A821-4820-98A3-CE15F52D01D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B0F1B59C-41EB-4358-BAD0-BC7DE9E3B718}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{B166711D-4AC3-4832-9CCA-BAA1281E8AEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6ED28D8-115A-47C6-83CB-7CB58ADF51AE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CA917937-50B7-4DE0-98D9-905818AE0722}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DA07AFB7-7696-4296-B00C-E4AEF95AAA4F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DFCAE91C-5335-428C-863A-FF232E6FD766}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E04BEF2C-BFC7-450E-AD91-F24885DBB203}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E26A3C71-3CDC-4717-8C71-55887C582E95}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{E5AB3AD2-12BD-4749-B2E4-5AC8F019173B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA957324-8003-42A7-8799-A1417B77E9B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA38C3FC-3654-4E9D-91A8-147022580BD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"TCP Query User{BA44F04A-DBF6-4730-8724-49689E557F4B}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{58E4F0DF-585A-4C0F-A445-7427AA6546F5}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{489F2C5A-83B9-79D5-714C-1DEF32A898E5}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AA5A2780-10FC-913C-B8AA-FE42DFDBAA42}" = ccc-utility64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}" = ATI Catalyst Install Manager
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Sunplus SPUVCb" = USB Video Device
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{182A1405-9660-F35E-4910-2F4804EF9CD1}" = Catalyst Control Center Core Implementation
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E9165D4-D1BB-A8FF-4D81-4769904075BE}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2271DC83-BDCA-B742-0F66-51C548D83878}" = CCC Help Hungarian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2458E345-90BF-A135-A9F6-7B79E5A1B034}" = Catalyst Control Center Graphics Full New
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2801377C-AED0-9DF8-8C13-DE5B8A255E01}" = CCC Help Italian
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2944D228-BD9D-293C-9207-36F3F83200C7}" = Catalyst Control Center Graphics Full Existing
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BE54333-0A35-B568-B9B6-BBAC93363F07}" = CCC Help Polish
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{321CA409-D308-D275-FD2E-07745286F7B1}" = CCC Help Portuguese
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Camera Window MC
"{394B8A28-0984-B687-DC3D-600A83E3D8AB}" = ccc-core-static
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C168069-602E-D4DE-AAEA-C83395FD7CBB}" = CCC Help German
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{507BF84D-922E-367A-1B91-2C92A8626627}" = CCC Help Finnish
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56670C91-F1BA-86BC-0AAE-8605B726EF2F}" = CCC Help Russian
"{57CB36B6-4884-535F-9379-34560046C912}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{698E45C8-5054-554F-51CB-68847E4B0BA5}" = CCC Help Greek
"{6A5CC193-FA73-4D82-8F33-A33AAD7471E0}" = o2 Verbindungsmanager
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719C5E05-B9B2-EBBB-766D-2A1245147DF9}" = Catalyst Control Center Graphics Previews Common
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77498F29-4EFE-159E-DB0E-8E36C3E2B473}" = CCC Help Danish
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{788A7564-40B9-4993-78AF-1852D423781E}" = CCC Help Chinese Traditional
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83E58D0D-7FF8-448D-9151-C3EE1BDE8380}" = Falk Navi-Manager
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8C4EAC-9AB7-45FA-9480-5716FD261031}" = Nero 7 Essentials
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91D02903-7EDB-2A1F-C19F-8EBB335BA708}" = CCC Help Chinese Standard
"{924A365C-6727-42B9-91AC-C8C2CAC0B835}" = Falk Navi-Manager
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95F1EE6A-2C0E-5CE9-8042-287E11DFA089}" = Catalyst Control Center InstallProxy
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9933221A-32B7-75A8-A496-713191B260CC}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C28D1FA-B33F-AA17-9A87-FA556C5B6C2D}" = CCC Help English
"{9C976EB6-3C08-3B82-0162-26513153E347}" = CCC Help French
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9EC8C2B7-74F5-EEDC-E3F2-3E13564ABF8D}" = Catalyst Control Center Graphics Light
"{A0306AD8-1D8C-A5BB-6311-81A42370EEB9}" = Catalyst Control Center Graphics Previews Vista
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB77649D-25F2-EC99-67CD-A1B2F9862199}" = CCC Help Turkish
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B0474B6D-9508-9D4F-694A-9C78F06BB037}" = CCC Help Swedish
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B5529701-E380-06B7-14A8-D24EC95B5CD2}" = CCC Help Japanese
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA32FA50-7D3C-F111-9E79-619774EDB517}" = Catalyst Control Center Localization All
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9CA010-1B74-B806-F4B7-C2175EE3AC2C}" = CCC Help Korean
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8DDAAF4-7690-4A44-8AF4-0ECC55C49654}" = Skat 8.4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5E5DFE5-37AC-61A7-1A57-6741C243C96F}" = CCC Help Czech
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF250E8C-2925-C0C8-71EF-C456BE470759}" = CCC Help Thai
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch
"FeedReader_is1" = FeedReader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Pixum EasyBook" = Pixum EasyBook
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.08.2011 16:55:18 | Computer Name = Franzi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.08.2011 08:34:51 | Computer Name = Franzi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 09.08.2011 04:24:18 | Computer Name = Franzi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 09.08.2011 10:01:19 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: feedreader.exe, Version: 3.14.0.1,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f4ef  ID des fehlerhaften
 Prozesses: 0xaec  Startzeit der fehlerhaften Anwendung: 0x01cc5669804263b9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\FeedReader30\feedreader.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 0d9912f2-c290-11e0-9019-20cf3025d25b
 
Error - 11.08.2011 08:47:55 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ALU.exe, Version: 1.0.0.1, Zeitstempel:
 0x474f8081  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xc70  Startzeit der fehlerhaften Anwendung: 0x01cc5824daa5ff97  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 21f6fd74-c418-11e0-8e13-20cf3025d25b
 
Error - 11.08.2011 09:31:06 | Computer Name = Franzi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 12.08.2011 06:06:20 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: feedreader.exe, Version: 3.14.0.1,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: feedreader.exe, Version: 3.14.0.1,
 Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00007568  ID des fehlerhaften
 Prozesses: 0x1530  Startzeit der fehlerhaften Anwendung: 0x01cc58c93d14e559  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\FeedReader30\feedreader.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\FeedReader30\feedreader.exe  Berichtskennung:
 b9733432-c4ca-11e0-bff1-20cf3025d25b
 
Error - 14.08.2011 16:09:10 | Computer Name = Franzi-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 15.08.2011 07:40:44 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: feedreader.exe, Version: 3.14.0.1,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004195f  ID des fehlerhaften
 Prozesses: 0x16a8  Startzeit der fehlerhaften Anwendung: 0x01cc5b2ebb05709b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\FeedReader30\feedreader.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 68b636ea-c733-11e0-b5ea-20cf3025d25b
 
Error - 18.08.2011 06:36:12 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.0.534,
 Zeitstempel: 0x4ded15a3  Name des fehlerhaften Moduls: USER32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba59  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000491c6  ID des fehlerhaften
 Prozesses: 0x1624  Startzeit der fehlerhaften Anwendung: 0x01cc5d90b409384c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\USER32.dll  Berichtskennung: e3cc2b23-c985-11e0-8f75-20cf3025d25b
 
[ Media Center Events ]
Error - 16.11.2010 16:40:34 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 21:40:34 - Fehler beim Herstellen der Internetverbindung.  21:40:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.11.2010 16:40:45 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 21:40:42 - Fehler beim Herstellen der Internetverbindung.  21:40:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.12.2010 08:15:58 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 13:15:58 - Fehler beim Herstellen der Internetverbindung.  13:15:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.12.2010 08:16:10 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 13:16:03 - Fehler beim Herstellen der Internetverbindung.  13:16:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2010 16:40:36 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 21:40:36 - Fehler beim Herstellen der Internetverbindung.  21:40:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2010 16:40:45 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 21:40:41 - Fehler beim Herstellen der Internetverbindung.  21:40:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.02.2011 14:05:47 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 19:05:47 - Fehler beim Herstellen der Internetverbindung.  19:05:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.02.2011 04:19:13 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 09:19:13 - Fehler beim Herstellen der Internetverbindung.  09:19:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.02.2011 04:19:50 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 09:19:43 - Fehler beim Herstellen der Internetverbindung.  09:19:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.02.2011 12:58:51 | Computer Name = Franzi-PC | Source = MCUpdate | ID = 0
Description = 17:58:51 - Fehler beim Herstellen der Internetverbindung.  17:58:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 15.08.2012 10:40:56 | Computer Name = Franzi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
   %%1747
 
Error - 15.08.2012 10:40:57 | Computer Name = Franzi-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 15.08.2012 10:40:57 | Computer Name = Franzi-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen
 Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
 
Error - 15.08.2012 10:40:59 | Computer Name = Franzi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "spmgr" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%109
 
Error - 15.08.2012 10:40:59 | Computer Name = Franzi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosesystemhost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1115
 
Error - 17.08.2012 06:27:34 | Computer Name = Franzi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.08.2012 06:27:35 | Computer Name = Franzi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.08.2012 06:27:36 | Computer Name = Franzi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.08.2012 06:27:37 | Computer Name = Franzi-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 27.08.2012 06:09:12 | Computer Name = Franzi-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         

27.08.2012, 19:03   #2
t'john
/// Helper Team
 
Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=kno&s={searchTerms}&f=4 
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\InprocServer32 File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb68?u=92541563673099595 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\InprocServer32 File not found 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=kno&s={searchTerms}&f=4 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541563673099595 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/firefox" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
[2012.07.24 21:28:33 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d} 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) 
O4 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O7 - HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\Shell - "" = AutoRun 
O33 - MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\Shell\AutoRun\command - "" = F:\AUTORUN_o2Surfstick.exe /EjectCDROM 
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] 
[2012.08.09 22:47:07 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad 
[2012.08.09 20:11:03 | 000,001,889 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2012.08.05 15:35:21 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\UAs 
[2012.08.02 20:13:27 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\xmldm 
[2012.08.02 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\kock 
 
[2010.10.01 22:12:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files

C:\Users\Franzi\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Franzi\AppData\Local\Temp\*.exe
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; doing so can cause lasting damage to other systems!

Alt 28.08.2012, 10:56   #3
H2FO
 

Hi t'john,

everything has worked so far. Here is the log file:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/firefox" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\Plugins folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\modules folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\lib folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\defaults\preferences folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\skin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\sl folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\lib folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\core folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa\404 folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\wa folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\menu folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\gf folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ui folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\searchProtector folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\options\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\options\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\options\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\options folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\features\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\features folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\api folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ac\res folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ac\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ac\css folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\ac folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al\aboutBox folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb\al folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content\tb folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome\CT3201318 folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\flnb1r7m.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client scheduled to be deleted on reboot.
File move failed. C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3813763852-776618936-3657280800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b96f1459-dd58-11e0-a8b8-20cf3025d25b}\ not found.
File F:\AUTORUN_o2Surfstick.exe /EjectCDROM not found.
C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.
C:\ProgramData\ldsw_0paos.pad moved successfully.
C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Users\Franzi\AppData\Roaming\UAs folder moved successfully.
C:\Users\Franzi\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Franzi\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Franzi\AppData\Local\{*} not found.
C:\ProgramData\FullRemove.exe moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Franzi\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\ffunzip.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\GLF10AF.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\i4j2612822673132567853.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\IncrediMail_MediaBar_2.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\NaviMgrInstaller.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\Uninstall.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\vpnclient_setup.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe moved successfully.
C:\Users\Franzi\AppData\Local\Temp\_is3977.exe moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Franzi\Desktop\cmd.bat deleted successfully.
C:\Users\Franzi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 196770 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Franzi
->Temp folder emptied: 2514912757 bytes
->Temporary Internet Files folder emptied: 427916451 bytes
->FireFox cache emptied: 681325174 bytes
->Flash cache emptied: 142363 bytes
 
User: Gast
->Temp folder emptied: 1248532 bytes
->Temporary Internet Files folder emptied: 330320 bytes
->FireFox cache emptied: 5264684 bytes
->Flash cache emptied: 0 bytes
 
User: Internet
->Temp folder emptied: 1428092227 bytes
->Temporary Internet Files folder emptied: 37580778 bytes
->Java cache emptied: 15426996 bytes
->FireFox cache emptied: 400370520 bytes
->Flash cache emptied: 5387 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 400113252 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045936 bytes
RecycleBin emptied: 84854247 bytes
 
Total Files Cleaned = 5.754,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08282012_113540

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe scheduled to be moved on reboot.
C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe : MD5=B6FDEE420AA8A55858CD57121F555D1D
File C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client scheduled to be deleted on reboot.
         

28.08.2012, 19:42   #4
t'john
/// Helper Team
 
Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Works on Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

29.08.2012, 10:14   #5
H2FO
 
The first scan returns no detections.

AdwCleaner produces the following log file:
Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/29/2012 at 11:10:43
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Franzi - FRANZI-PC
# Boot Mode : Normal
# Running from : C:\Users\Franzi\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Franzi\AppData\Local\Conduit
Folder Found : C:\Users\Franzi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Franzi\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Franzi\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Found : C:\Users\Franzi\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Found : C:\Users\Franzi\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Internet\AppData\LocalLow\Conduit
Folder Found : C:\Users\Internet\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Internet\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Found : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\Conduit
Folder Found : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\Smartbar
Folder Found : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\WinampToolbarData
Folder Found : C:\ProgramData\Partner
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\IncrediMail_MediaBar_2
Key Found : HKLM\SOFTWARE\IncrediMail_MediaBar_2
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A95EDA98-81FB-4A6E-A2A0-01882BFB5928}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\prefs.js

Found : user_pref("CT2613550..clientLogIsEnabled", false);
Found : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2613550.CTID", "ct2613550");
Found : user_pref("CT2613550.CurrentServerDate", "21-5-2012");
Found : user_pref("CT2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sat May 19 2012 22:26:01 GMT+0200");
Found : user_pref("CT2613550.DownloadReferralCookieData", "");
Found : user_pref("CT2613550.EMailNotifierPollDate", "Sun Oct 10 2010 22:10:48 GMT+0200");
Found : user_pref("CT2613550.FeedLastCount3082739963941193807", 11);
Found : user_pref("CT2613550.FeedPollDate129254982599602533", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602539", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602545", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602551", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602557", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602563", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602569", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602575", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602581", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602587", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602593", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602599", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602605", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602611", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602617", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602623", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedPollDate129254982599602629", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Found : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Found : user_pref("CT2613550.FirstServerDate", "10-10-2010");
Found : user_pref("CT2613550.FirstTime", true);
Found : user_pref("CT2613550.FirstTimeFF3", true);
Found : user_pref("CT2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.FixPageNotFoundErrors", true);
Found : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2613550.HasUserGlobalKeys", true);
Found : user_pref("CT2613550.Initialize", true);
Found : user_pref("CT2613550.InitializeCommonPrefs", true);
Found : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Found : user_pref("CT2613550.InstalledDate", "Sun Oct 10 2010 22:10:48 GMT+0200");
Found : user_pref("CT2613550.IsGrouping", false);
Found : user_pref("CT2613550.IsMulticommunity", false);
Found : user_pref("CT2613550.IsOpenThankYouPage", false);
Found : user_pref("CT2613550.IsOpenUninstallPage", true);
Found : user_pref("CT2613550.LanguagePackLastCheckTime", "Sun Oct 10 2010 22:11:07 GMT+0200");
Found : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2613550.LastLogin_2.7.1.3", "Sun Oct 10 2010 22:11:05 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.12.0.7", "Sat Apr 28 2012 09:12:31 GMT+0200");
Found : user_pref("CT2613550.LastLogin_3.12.2.3", "Mon May 21 2012 17:48:10 GMT+0200");
Found : user_pref("CT2613550.LatestVersion", "3.12.2.3");
Found : user_pref("CT2613550.Locale", "de-de");
Found : user_pref("CT2613550.LoginCache", 4);
Found : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Found : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Found : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Found : user_pref("CT2613550.SearchInNewTabEnabled", true);
Found : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2613550.ServiceMapLastCheckTime", "Mon May 21 2012 17:48:09 GMT+0200");
Found : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.SettingsLastCheckTime", "Sun Oct 10 2010 22:10:43 GMT+0200");
Found : user_pref("CT2613550.SettingsLastUpdate", "1285580322");
Found : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 22:10:42 GMT+0200");
Found : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Found : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2613550.UserID", "UN12638466438889084");
Found : user_pref("CT2613550.alertChannelId", "1006347");
Found : user_pref("CT2613550.clientLogIsEnabled", true);
Found : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2613550.components.1000082", false);
Found : user_pref("CT2613550.components.1000234", false);
Found : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 369);
Found : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200");
Found : user_pref("CT2613550.ct2613550.Locale", "de-de");
Found : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Mon May 21 2012 17:48:10 GMT+0200");
Found : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 22:11:04 GMT+0200");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200"[...]
Found : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2613550.initDone", true);
Found : user_pref("CT2613550.myStuffEnabled", true);
Found : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2613550.revertSettingsEnabled", true);
Found : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Found : user_pref("CT2613550.testingCtid", "");
Found : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2613550.usagesFlag", 2);
Found : user_pref("CT3201318.1000082.isPlayDisplay", "true");
Found : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3201318.1000234.TWC_TMP_city", "");
Found : user_pref("CT3201318.1000234.TWC_TMP_country", "DE");
Found : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3201318.FirstTime", "true");
Found : user_pref("CT3201318.FirstTimeFF3", "true");
Found : user_pref("CT3201318.UserID", "UN75071296896053218");
Found : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129768733323172459\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3201318.enableAlerts", "never");
Found : user_pref("CT3201318.event_data", "%5B%5D");
Found : user_pref("CT3201318.fired_events", "");
Found : user_pref("CT3201318.firstTimeDialogOpened", "true");
Found : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3201318.fixUrls", true);
Found : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.isNewTabEnabled", true);
Found : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3201318.key_date", "24");
Found : user_pref("CT3201318.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Found : user_pref("CT3201318.search.searchCount", "0");
Found : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343158116429");
Found : user_pref("CT3201318.serviceLayer_services_appTracking_lastUpdate", "1343158117646");
Found : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1343158115930");
Found : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343158116526");
Found : user_pref("CT3201318.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343748504079");
Found : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13431[...]
Found : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13431[...]
Found : user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1343158116877");
Found : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343158116757");
Found : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1343158115677");
Found : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1343665045593");
Found : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343158116724");
Found : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1343748503956");
Found : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1343665045825");
Found : user_pref("CT3201318.settingsINI", true);
Found : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Found : user_pref("CT3201318.smartbar.Uninstall", "0");
Found : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Found : user_pref("CT3201318.toolbarBornServerTime", "24-7-2012");
Found : user_pref("CT3201318.toolbarCurrentServerTime", "31-7-2012");
Found : user_pref("CT3201318.toolbarDisabled", "true");
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724386&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Franzi\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Found : user_pref("CommunityToolbar.ToolbarsList4", "");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Sep 25 2011 16:20:02 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "4ed6c2d5-aa62-4010-baef-74df1d432c27");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Sep 25 2011 16:20:0[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Sep 25 2011 17:20:09 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Sep 25 2011 16:20:01 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "c9c88f8d-4e96-4dab-b842-19feee3ba2bb");
Found : user_pref("extensions.facemoods.aflt", "_#kno");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "31");
Found : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;media_btn_wa;shout_btn_wa;ai[...]
Found : user_pref("winamp_toolbar.firsttime.showwindow", false);
Found : user_pref("winamp_toolbar.install.lastTbVersion", "5.5.1.1");
Found : user_pref("winamp_toolbar.metrics.activestampdate", "14");
Found : user_pref("winamp_toolbar.metrics.activestampmonth", "10");
Found : user_pref("winamp_toolbar.metrics.activestampyear", "2008");
Found : user_pref("winamp_toolbar.metrics.originalDate", "7");
Found : user_pref("winamp_toolbar.metrics.originalHours", "7");
Found : user_pref("winamp_toolbar.metrics.originalMinutes", "1");
Found : user_pref("winamp_toolbar.metrics.originalMonth", "11");
Found : user_pref("winamp_toolbar.metrics.originalSeconds", "55");
Found : user_pref("winamp_toolbar.metrics.originalYear", "2008");
Found : user_pref("winamp_toolbar.search.populateoncomplete", false);
Found : user_pref("winamp_toolbar.search.searchtype", "web");
Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Found : user_pref("winamp_toolbar.upgrade.showwindow", false);
Found : user_pref("winamp_toolbar.winamp.artist", "");
Found : user_pref("winamp_toolbar.winamp.title", "-999999");
Found : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Found : user_pref("winamp_toolbar.winamp.tracktime", "-999999");

Profile name : default 
File : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\bc3i8bqb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\siyd7sex.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25446 octets] - [29/08/2012 11:10:43]

########## EOF - C:\AdwCleaner[R1].txt - [25575 octets] ##########
         


29.08.2012, 19:42   #6
t'john
/// Helper team
 

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Select freeware mode.

Select Detail Scan and start the scan of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

30.08.2012, 21:43   #7
H2FO
 

All done.

Log from AdwCleaner:
Code:
# AdwCleaner v1.801 - Logfile created 08/30/2012 at 18:12:13
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Franzi - FRANZI-PC
# Boot Mode : Normal
# Running from : C:\Users\Franzi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Franzi\AppData\Local\Conduit
Folder Deleted : C:\Users\Franzi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Franzi\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Franzi\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\Franzi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Internet\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Internet\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Internet\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\Conduit
Folder Deleted : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\Smartbar
Folder Deleted : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\WinampToolbarData
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\IncrediMail_MediaBar_2

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A95EDA98-81FB-4A6E-A2A0-01882BFB5928}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\prefs.js

C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\flnb1r7m.default\user.js ... Deleted !

Deleted : user_pref("CT2613550..clientLogIsEnabled", false);
Deleted : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "21-5-2012");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sat May 19 2012 22:26:01 GMT+0200");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Sun Oct 10 2010 22:10:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedLastCount3082739963941193807", 11);
Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602605", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Deleted : user_pref("CT2613550.FirstServerDate", "10-10-2010");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.HasUserGlobalKeys", true);
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Sun Oct 10 2010 22:10:48 GMT+0200");
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", true);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Sun Oct 10 2010 22:11:07 GMT+0200");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.7.1.3", "Sun Oct 10 2010 22:11:05 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.0.7", "Sat Apr 28 2012 09:12:31 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.2.3", "Mon May 21 2012 17:48:10 GMT+0200");
Deleted : user_pref("CT2613550.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2613550.ServiceMapLastCheckTime", "Mon May 21 2012 17:48:09 GMT+0200");
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Sun Oct 10 2010 22:10:43 GMT+0200");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1285580322");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 22:10:42 GMT+0200");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Deleted : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2613550.UserID", "UN12638466438889084");
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.clientLogIsEnabled", true);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.components.1000082", false);
Deleted : user_pref("CT2613550.components.1000234", false);
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 369);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Mon May 21 2012 17:48:10 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sun Oct 10 2010 22:11:04 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun May 20 2012 22:53:23 GMT+0200"[...]
Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.initDone", true);
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);

Profile name : default 
File : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\bc3i8bqb.default\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\siyd7sex.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [25553 octets] - [29/08/2012 11:10:43]
AdwCleaner[S1].txt - [25348 octets] - [30/08/2012 18:12:13]

########## EOF - C:\AdwCleaner[S1].txt - [25477 octets] ##########
         
The Anti-Malware scan shows that the files from the OTL quarantine are still there:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 30.08.2012 18:41:56

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	30.08.2012 18:42:12

C:\_OTL\MovedFiles\08282012_113540\C_Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1d9a6724-63d8209f -> r0a\r0d.class 	gefunden: Exploit.Java.CVE-2012!E2
C:\_OTL\MovedFiles\08282012_113540\C_Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1d9a6724-63d8209f -> r0a\r0b.class 	gefunden: Exploit.Java.CVE!E2
C:\_OTL\MovedFiles\08282012_113540\C_Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1d9a6724-63d8209f -> r0a\r0a.class 	gefunden: Exploit.Java.CVE!E2
C:\_OTL\MovedFiles\08282012_113540\C_Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-20e4ba73 -> com\bitcoinplus\applet\MiningApplet.class 	gefunden: Java.Bitcoin!E2

Gescannt	719898
Gefunden	4

Scan Ende:	30.08.2012 20:32:21
Scan Zeit:	1:50:09
         

31.08.2012, 09:24   #8
t'john
/// Helper Team



Very good!


Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Here we go

  • Download and start the Eset Smartinstaller.
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your text editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
__________________
Regards, t'john

05.09.2012, 13:09   #9
H2FO



Hi,

it took a bit longer, but here is the log file:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=555c1441e900714fb321c522679347ea
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-04 07:03:21
# local_time=2012-09-04 09:03:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 27924554 27924554 0 0
# compatibility_mode=5893 16776574 66 85 40709547 98402134 0 0
# compatibility_mode=8192 67108863 100 0 105 105 0 0
# compatibility_mode=9217 16777214 75 66 47336188 69049514 0 0
# scanned=441830
# found=3
# cleaned=3
# scan_time=13117
C:\_OTL\MovedFiles\08282012_113540\C_Users\Franzi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1d9a6724-63d8209f	a variant of Java/Exploit.CVE-2012-1723.AL trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\Programme\Adobe\Acrobat3D\3D\adobeacrobat3dv7.0.7tryoutpatchcim.zip	probably a variant of Win32/Spy.Agent.JTXTUPQ trojan (deleted - quarantined)	00000000000000000000000000000000	C
F:\Programme\Adobe\Acrobat3D\3D\Patch.exe	probably a variant of Win32/Spy.Agent.JTXTUPQ trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

05.09.2012, 14:31   #10
t'john
/// Helper Team



Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 7).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is displayed to you here: PluginCheck


Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is displayed to you here: PluginCheck
__________________
Regards, t'john

06.09.2012, 08:06   #11
H2FO



Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell

Flash (11,4,402,265) ist aktuell.

Java ist Installiert aber nicht aktiviert.

Adobe Reader 10,1,4,38 ist aktuell.
         

06.09.2012, 18:18   #12
t'john
/// Helper Team



Very good!

That means you are clean and dismissed!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.


Tool cleanup with OTL


We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Click the "Cleanup" button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed, so it is fine if these programs are gone. If any are left over, delete them manually.


Resetting the security zones

Have the security zones reset, because they were manipulated to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing the system restore points

So that the computer cannot be reinfected from an infected system restore point, we have to clear them. To do that, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.


Cleaning up with CCleaner

Use CCleaner (download) (instructions) to

  • fix errors in the registry (several times, until no more errors are found) and
  • delete temporary files.


Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC keeps getting slower - what to do?
__________________
Regards, t'john
