GVU-Trojaner

small.ville · 27.09.2012, 12:39

Gestern habe ich bereits versucht über Kaspersky Windows Unlocker die Dateien unschädlich zu machen, leider vergeblich. Mittlerweile weiß ich, wie der Trojaner auf meinen Rechner gekommen ist. Ich bekam vor ca. 2 Wochen eine E-Mail von "McAfee", mit der Bitte ein Update runterzuladen. Das habe ich natürlich NICHT gemacht. Aber das Öffnen der Mail hat wohl schon ausgereicht...

Folgende Log-Datei habe ich soeben gespeichert. Ich weiß nicht, wie ich diese Dateien in die Quarantäne bekomme und wie ich nun weitermachen soll. Ich fühle mich mit dieser ganzen Situation etwas überfordert.

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.27.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
fam.hotz :: FAMHOTZ-TOSH [Administrator]

Schutz: Deaktiviert

27.09.2012 13:17:24
mbam-log-2012-09-27 (13-33-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223255
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\fam.hotz\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Spyware.Passwords) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\fam.hotz\AppData\Local\Temp\0.5278125287568313.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

OTL.txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.09.2012 14:08:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\fam.hotz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 69,62% Memory free
7,73 Gb Paging File | 6,66 Gb Available in Paging File | 86,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 140,52 Gb Free Space | 60,34% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 224,57 Gb Free Space | 96,59% Space Free | Partition Type: NTFS
Drive E: | 200,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FAMHOTZ-TOSH | User Name: fam.hotz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 13:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fam.hotz\Desktop\OTL.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.06.22 07:34:52 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.06.22 07:33:12 | 000,237,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012.05.11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009.10.21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.24 23:46:28 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.29 08:18:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.04.20 14:38:36 | 000,262,144 | ---- | M] (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe -- (Vogel.USBSpider)
SRV - [2011.02.10 10:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.04.13 21:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.14 04:10:00 | 001,738,048 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Stopped] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.11.05 09:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.10.30 12:53:36 | 000,824,176 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.10.27 20:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.10.21 10:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.10.06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.28 14:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.22 07:40:58 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.06.22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.06.22 07:36:54 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.06.22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.06.22 07:35:02 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.06.22 07:34:22 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.06.22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.04.13 21:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009.11.05 22:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.15 20:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.24 17:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.09.23 10:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.14 14:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.08.21 13:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.05 12:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.28 20:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.24 11:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.13 22:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.19 10:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 09:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 12:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.08 10:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.10.05 16:39:40 | 000,011,712 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2007.04.16 20:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.de/hxxp://www [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=107738&tt=2912_3&babsrc=SP_ss&mntrId=844424a3000000000000701a04df3150
IE - HKCU\..\SearchScopes\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{4D4E3716-44C4-45DF-A426-8486821ACF66}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{57DC605D-72D2-4B9B-A6B9-72591D256296}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE387
IE - HKCU\..\SearchScopes\{89537AE7-A8E6-42B1-838D-AFC59299DB05}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\..\SearchScopes\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyVideo-Websuche "
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2508583&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\fam.hotz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\fam.hotz\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.24 03:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.03 00:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.03 00:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.09.09 14:43:15 | 000,000,000 | ---D | M]
 
[2010.07.06 14:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fam.hotz\AppData\Roaming\mozilla\Extensions
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions
[2012.05.20 00:08:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.21 16:46:16 | 000,616,675 | ---- | M] () (No name found) -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\extensions\toolbar@web.de.xpi
[2011.11.03 21:58:19 | 000,000,933 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\11-suche.xml
[2010.06.21 11:07:08 | 000,000,893 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\conduit.xml
[2011.11.03 21:58:19 | 000,002,419 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\englische-ergebnisse.xml
[2011.11.03 21:58:19 | 000,010,525 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\gmx-suche.xml
[2011.11.03 21:58:19 | 000,002,457 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\lastminute.xml
[2011.08.12 15:10:19 | 000,005,508 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\webde-suche.xml
[2012.08.14 16:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.02 14:14:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.08 15:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.06.08 15:16:23 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.24 03:35:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2012.06.29 08:18:19 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.06.22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.19 10:47:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.20 23:52:50 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FSM-Connector] c:\DRISC\Programme\fsm-Connector.exe (Springer Fachmedien München GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SpiderService] C:\Program Files (x86)\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe (Verlag Heinrich Vogel in der Springer Transport Media GmbH)
O4 - HKCU..\Run: [Facebook Update] C:\Users\fam.hotz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20CB5B6B-BC97-405F-B402-302D2689BC97}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun
O33 - MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 13:58:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\fam.hotz\Desktop\OTL.exe
[2012.09.27 13:16:41 | 000,000,000 | ---D | C] -- C:\Users\fam.hotz\AppData\Roaming\Malwarebytes
[2012.09.27 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.27 13:16:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.27 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.27 13:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.09.27 06:06:50 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.09.26 21:54:44 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.09.26 19:17:34 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.26 13:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.09.26 09:42:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.09.08 05:47:34 | 000,000,000 | ---D | C] -- C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.07 03:33:24 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012.09.02 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.09.02 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\fam.hotz\AppData\Local\Conduit
[2 C:\Users\fam.hotz\AppData\Local\*.tmp files -> C:\Users\fam.hotz\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 13:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\fam.hotz\Desktop\OTL.exe
[2012.09.27 13:57:19 | 000,000,000 | ---- | M] () -- C:\Users\fam.hotz\defogger_reenable
[2012.09.27 13:55:02 | 000,050,477 | ---- | M] () -- C:\Users\fam.hotz\Desktop\Defogger.exe
[2012.09.27 13:16:38 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 12:59:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 12:59:19 | 3112,378,368 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 06:45:02 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 06:45:02 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 05:30:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 21:56:47 | 000,006,704 | ---- | M] () -- C:\bootsqm.dat
[2012.09.26 21:46:06 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.26 20:46:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 20:36:02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3142655598-3952497801-419806587-1001UA.job
[2012.09.26 20:24:44 | 001,622,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.26 16:54:56 | 000,700,636 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.26 16:54:56 | 000,655,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.26 16:54:56 | 000,149,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.26 16:54:56 | 000,122,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.26 13:14:35 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012.09.26 09:42:07 | 000,000,835 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.26 09:39:46 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3142655598-3952497801-419806587-1001Core.job
[2012.09.22 19:10:35 | 1276,346,705 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.15 08:09:37 | 001,600,064 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Users\fam.hotz\AppData\Local\*.tmp files -> C:\Users\fam.hotz\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 13:57:19 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\defogger_reenable
[2012.09.27 13:55:02 | 000,050,477 | ---- | C] () -- C:\Users\fam.hotz\Desktop\Defogger.exe
[2012.09.27 13:16:38 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.26 21:56:47 | 000,006,704 | ---- | C] () -- C:\bootsqm.dat
[2012.09.26 13:14:35 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012.09.26 09:42:07 | 000,000,835 | ---- | C] () -- C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.26 09:42:05 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.05.07 14:34:04 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012.05.07 14:33:46 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012.01.25 07:24:32 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{40FA243E-74DA-43FE-B1C1-B4A112852F54}
[2012.01.23 15:54:37 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{C4E4FA6D-6270-4D01-8D6C-0F5E3F8BA157}
[2012.01.08 13:47:52 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{2A5FBD17-720C-44DF-A595-93BA8EC7C776}
[2012.01.08 13:46:29 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{67BA7A90-D1F4-49DC-A6AE-D1EE36FAC7AA}
[2012.01.08 13:38:09 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{4E249649-9FCD-4C36-BEE0-EC45182ECB67}
[2012.01.08 13:38:09 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{2AAE9CF3-EA78-49F8-8D1A-9EE33C34DE79}
[2012.01.08 13:17:17 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{CA272593-DD18-4DE1-A538-9506827AABB6}
[2012.01.08 13:16:52 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{2B12EAD3-4AB3-4672-A4AF-EEC354F38436}
[2012.01.08 12:18:19 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{664886EF-498D-4889-8889-1C91C7C38055}
[2012.01.08 12:18:18 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{0FF97598-4DE1-4672-B294-EFC9521C2DA5}
[2012.01.08 12:08:35 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{CF3DD904-FAF4-4462-A388-AAFB21A9F08E}
[2012.01.04 22:00:23 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{3825E774-222A-446B-B2C8-70A61C5F5BF3}
[2012.01.02 22:41:44 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{7FADD4E8-EBA4-49A5-90C8-A908C8B6CA41}
[2012.01.02 22:36:33 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{EEEC3750-5AC9-4F94-99F1-C45FF97197F3}
[2012.01.01 21:30:13 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{C629A7E3-3739-42E2-9582-030580276BA4}
[2012.01.01 21:28:22 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{07D2FBAF-5444-43EC-94E8-8772A063EA81}
[2011.12.24 21:03:29 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{F08FF2B6-4798-4F1B-9AB8-608A93DFF2EA}
[2011.12.24 21:02:07 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{ABF68612-47EB-4F14-9C2E-4EA7E201AC9D}
[2011.12.24 20:56:01 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{B16B0C58-E3C3-4BEF-89A6-F9AD380635B2}
[2011.12.24 20:54:59 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{1A51895A-3E2E-41B2-AA3C-953C19B3F1E5}
[2011.12.24 19:58:19 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{6693EF48-3245-459E-957A-25D64D6AE4CE}
[2011.12.07 22:07:05 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{E0B853AF-7759-474F-9F77-2FBDC6254810}
[2011.12.07 22:06:19 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{DDF20D14-7BAC-4C55-900F-D61E1E41D0E5}
[2011.11.01 21:13:35 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{2FAB2DB4-7FEF-4000-BD2D-07C0F40BD690}
[2011.10.29 09:23:01 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.14 07:10:56 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{DE36EAD8-D607-4E34-8982-84D9030F181E}
[2011.10.12 12:45:51 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{D730738C-90D5-4202-96C6-3B48E79C3E31}
[2011.10.03 19:58:13 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{0F27CF04-A82D-4EF2-A1F7-13DD953F196C}
[2011.10.03 14:37:49 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{9F08D340-2023-43FA-AD8A-7E0BC32CEBF8}
[2011.10.03 14:36:21 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{38947352-25D3-4376-A5A2-ED57328108B1}
[2011.09.11 20:38:22 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{B4FBFD58-F11E-4557-BEE0-A7BEFB46E778}
[2011.08.02 20:01:50 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{916DC63B-A9A8-447A-B0B8-CA1572A17472}
[2011.07.19 08:02:13 | 000,000,000 | ---- | C] () -- C:\Users\fam.hotz\AppData\Local\{BB94F024-764B-4E67-B466-86F2A4A56303}
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.26 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.24 21:02:59 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Amazon
[2012.07.19 10:47:32 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Babylon
[2012.06.29 21:28:44 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Buhl Data Service
[2011.03.10 19:58:56 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Digiarty
[2011.03.06 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\HandBrake
[2011.02.27 11:33:29 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\InterVideo
[2010.07.06 20:12:29 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\OpenOffice.org
[2011.12.24 20:13:52 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\RavensburgerTipToi
[2011.11.02 15:44:12 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\TeamViewer
[2010.10.24 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Toshiba
[2011.03.10 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Ulead Systems
[2010.10.09 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\UNOUndercover
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.08.17 14:47:41 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?H?Hsers) -- C:\Windows\SysWow64\HꑐHsers
[2012.08.17 14:47:41 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?H?Hsers) -- C:\Windows\SysWow64\HꑐHsers

< End of report >

--- --- ---

t'john · 27.09.2012, 13:47

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=107738&tt=2912_3&babsrc=SP_ss&mntrId=844424a3000000000000701a04df3150 
IE - HKCU\..\SearchScopes\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie 
IE - HKCU\..\SearchScopes\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} 
IE - HKCU\..\SearchScopes\{4D4E3716-44C4-45DF-A426-8486821ACF66}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} 
IE - HKCU\..\SearchScopes\{57DC605D-72D2-4B9B-A6B9-72591D256296}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE387 
IE - HKCU\..\SearchScopes\{89537AE7-A8E6-42B1-838D-AFC59299DB05}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 
IE - HKCU\..\SearchScopes\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} 
IE - HKCU\..\SearchScopes\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} 
IE - HKCU\..\SearchScopes\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.defaultthis.engineName: "MyVideo-Websuche " 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2508583&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche" 
FF - prefs.js..browser.search.suggest.enabled: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "www.web.de" 
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.2 
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.3 
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3 
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=mcafee&p=" 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) 
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) 
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found 
O4 - Startup: C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\iStudio.exe 
O33 - MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\Shell - "" = AutoRun 
O33 - MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
[2012.09.26 21:46:06 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 
[2012.09.26 09:42:07 | 000,000,835 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2011.11.03 21:58:19 | 000,000,933 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\11-suche.xml 
[2011.11.03 21:58:19 | 000,002,419 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\englische-ergebnisse.xml 
[2011.11.03 21:58:19 | 000,010,525 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\gmx-suche.xml 
[2011.11.03 21:58:19 | 000,002,457 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\lastminute.xml 
[2010.06.21 11:07:08 | 000,000,893 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\conduit.xml 
[2011.08.12 15:10:19 | 000,005,508 | ---- | M] () -- C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\webde-suche.xml 
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions 
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM 
[2012.09.26 09:27:50 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF 
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot 
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar 
[2012.09.26 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater 
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml 
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.07.19 10:47:39 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml 
[2012.07.19 10:47:32 | 000,000,000 | ---D | M] -- C:\Users\fam.hotz\AppData\Roaming\Babylon 
[2012.07.20 23:52:50 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml 
[2012.09.27 06:06:50 | 000,000,000 | -HSD | C] -- C:\found.001 
[2012.09.26 21:54:44 | 000,000,000 | -HSD | C] -- C:\found.000 
[2012.09.02 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit 
[2012.09.02 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\fam.hotz\AppData\Local\Conduit 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\fam.hotz\*.tmp
C:\Users\fam.hotz\AppData\Local\{*}
C:\Users\fam.hotz\AppData\Local\Temp\*.exe
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

small.ville · 27.09.2012, 14:29

Schritt 1:
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D4E3716-44C4-45DF-A426-8486821ACF66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D4E3716-44C4-45DF-A426-8486821ACF66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57DC605D-72D2-4B9B-A6B9-72591D256296}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57DC605D-72D2-4B9B-A6B9-72591D256296}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89537AE7-A8E6-42B1-838D-AFC59299DB05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89537AE7-A8E6-42B1-838D-AFC59299DB05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "MyVideo-Websuche " removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2508583&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Sichere Suche" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.web.de" removed from browser.startup.homepage
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 removed from extensions.enabledAddons
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 removed from extensions.enabledAddons
Prefs.js: toolbar@web.de:2.2.2 removed from extensions.enabledAddons
Prefs.js: pdfforge@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: wtxpcom@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: toolbar@web.de:1.5.1 removed from extensions.enabledItems
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
File move failed. C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\11-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\lastminute.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\conduit.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\webde-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\6.3 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.17857_none_b40dc7a79ec25084 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.4.8112.16421_none_05b6b429030148f7 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16448_none_6014af45a6d46afb scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16448_none_d2dd53c9e7f57787 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16448_none_5ffe34e1b4893d8b scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_a89fe94b64e0d71d scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16448_none_541611bc5a2698df scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cebab8bda770d150 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_48330de9affd2c5d scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows scheduled to be moved on reboot.
C:\found.000\dir0000.chk\Program Files (x86)\Intel folder moved successfully.
C:\found.000\dir0000.chk\Program Files (x86) folder moved successfully.
Folder move failed. C:\found.000\dir0000.chk scheduled to be moved on reboot.
C:\found.000 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\fam.hotz\AppData\Local\Conduit folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\fam.hotz\*.tmp not found.
C:\Users\fam.hotz\AppData\Local\{07D2FBAF-5444-43EC-94E8-8772A063EA81} moved successfully.
C:\Users\fam.hotz\AppData\Local\{0F27CF04-A82D-4EF2-A1F7-13DD953F196C} moved successfully.
C:\Users\fam.hotz\AppData\Local\{0FF97598-4DE1-4672-B294-EFC9521C2DA5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{1A51895A-3E2E-41B2-AA3C-953C19B3F1E5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2A5FBD17-720C-44DF-A595-93BA8EC7C776} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2AAE9CF3-EA78-49F8-8D1A-9EE33C34DE79} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2B12EAD3-4AB3-4672-A4AF-EEC354F38436} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2FAB2DB4-7FEF-4000-BD2D-07C0F40BD690} moved successfully.
C:\Users\fam.hotz\AppData\Local\{3825E774-222A-446B-B2C8-70A61C5F5BF3} moved successfully.
C:\Users\fam.hotz\AppData\Local\{38947352-25D3-4376-A5A2-ED57328108B1} moved successfully.
C:\Users\fam.hotz\AppData\Local\{40FA243E-74DA-43FE-B1C1-B4A112852F54} moved successfully.
C:\Users\fam.hotz\AppData\Local\{4E249649-9FCD-4C36-BEE0-EC45182ECB67} moved successfully.
C:\Users\fam.hotz\AppData\Local\{664886EF-498D-4889-8889-1C91C7C38055} moved successfully.
C:\Users\fam.hotz\AppData\Local\{6693EF48-3245-459E-957A-25D64D6AE4CE} moved successfully.
C:\Users\fam.hotz\AppData\Local\{67BA7A90-D1F4-49DC-A6AE-D1EE36FAC7AA} moved successfully.
C:\Users\fam.hotz\AppData\Local\{7FADD4E8-EBA4-49A5-90C8-A908C8B6CA41} moved successfully.
C:\Users\fam.hotz\AppData\Local\{916DC63B-A9A8-447A-B0B8-CA1572A17472} moved successfully.
C:\Users\fam.hotz\AppData\Local\{9F08D340-2023-43FA-AD8A-7E0BC32CEBF8} moved successfully.
C:\Users\fam.hotz\AppData\Local\{ABF68612-47EB-4F14-9C2E-4EA7E201AC9D} moved successfully.
C:\Users\fam.hotz\AppData\Local\{B16B0C58-E3C3-4BEF-89A6-F9AD380635B2} moved successfully.
C:\Users\fam.hotz\AppData\Local\{B4FBFD58-F11E-4557-BEE0-A7BEFB46E778} moved successfully.
C:\Users\fam.hotz\AppData\Local\{BB94F024-764B-4E67-B466-86F2A4A56303} moved successfully.
C:\Users\fam.hotz\AppData\Local\{C4E4FA6D-6270-4D01-8D6C-0F5E3F8BA157} moved successfully.
C:\Users\fam.hotz\AppData\Local\{C629A7E3-3739-42E2-9582-030580276BA4} moved successfully.
C:\Users\fam.hotz\AppData\Local\{CA272593-DD18-4DE1-A538-9506827AABB6} moved successfully.
C:\Users\fam.hotz\AppData\Local\{CF3DD904-FAF4-4462-A388-AAFB21A9F08E} moved successfully.
C:\Users\fam.hotz\AppData\Local\{D730738C-90D5-4202-96C6-3B48E79C3E31} moved successfully.
C:\Users\fam.hotz\AppData\Local\{DDF20D14-7BAC-4C55-900F-D61E1E41D0E5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{DE36EAD8-D607-4E34-8982-84D9030F181E} moved successfully.
C:\Users\fam.hotz\AppData\Local\{E0B853AF-7759-474F-9F77-2FBDC6254810} moved successfully.
C:\Users\fam.hotz\AppData\Local\{EEEC3750-5AC9-4F94-99F1-C45FF97197F3} moved successfully.
C:\Users\fam.hotz\AppData\Local\{F08FF2B6-4798-4F1B-9AB8-608A93DFF2EA} moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\DataCard_Setup64.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-2.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-3.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-4.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\IPx64_1031.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\ResetDevice.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\wusetup.exE moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\fam.hotz\Desktop\cmd.bat deleted successfully.
C:\Users\fam.hotz\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09272012_151556

Files\Folders moved on Reboot...
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
File\Folder C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.17857_none_b40dc7a79ec25084 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.4.8112.16421_none_05b6b429030148f7 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16448_none_6014af45a6d46afb not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16448_none_d2dd53c9e7f57787 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16448_none_5ffe34e1b4893d8b not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_a89fe94b64e0d71d not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16448_none_541611bc5a2698df not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cebab8bda770d150 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_48330de9affd2c5d not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs not found!
File\Folder C:\found.000\dir0000.chk\Windows not found!
File\Folder C:\found.000\dir0000.chk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.003 - Datei am 09/27/2012 um 17:22:16 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : fam.hotz - FAMHOTZ-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\fam.hotz\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\Conduit
Ordner Gelöscht : C:\Users\FAM~1.HOT\AppData\Local\Temp\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v13.0.1 (de)

Profilname : default
Datei : C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\prefs.js

C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2508583.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2508583.CTID", "CT2508583");
Gelöscht : user_pref("CT2508583.CurrentServerDate", "1-11-2010");
Gelöscht : user_pref("CT2508583.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2508583.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2508583.FeedLastCount129086521209375069", 40);
Gelöscht : user_pref("CT2508583.FeedLastCount129158248553443272", 0);
Gelöscht : user_pref("CT2508583.FeedPollDate129086521210625102", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.FeedPollDate129158248553443272", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.FeedTTL129086521210625102", 40);
Gelöscht : user_pref("CT2508583.FirstServerDate", "11-7-2010");
Gelöscht : user_pref("CT2508583.FirstTime", true);
Gelöscht : user_pref("CT2508583.FirstTimeFF3", true);
Gelöscht : user_pref("CT2508583.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2508583.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2508583.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2508583.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2508583.Initialize", true);
Gelöscht : user_pref("CT2508583.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2508583.InstallationAndCookieDataSentCount", 2);
Gelöscht : user_pref("CT2508583.InstalledDate", "Sun Jul 11 2010 12:13:56 GMT+0200");
Gelöscht : user_pref("CT2508583.IsGrouping", false);
Gelöscht : user_pref("CT2508583.IsMulticommunity", false);
Gelöscht : user_pref("CT2508583.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2508583.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2508583.LanguagePackLastCheckTime", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2508583.LastLogin_2.7.1.3", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2508583.Locale", "de");
Gelöscht : user_pref("CT2508583.LoginCache", 4);
Gelöscht : user_pref("CT2508583.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2508583.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2508583.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2508583.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2508583.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2508583.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2508583.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2508583.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.SearchInNewTabLastCheckTime", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2508583.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2508583.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2508583.SettingsLastCheckTime", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.SettingsLastUpdate", "1278064743");
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsLastCheck", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsLastUpdate", "1278064743");
Gelöscht : user_pref("CT2508583.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2508583.Uninstall", true);
Gelöscht : user_pref("CT2508583.UserID", "UN06247330271247364");
Gelöscht : user_pref("CT2508583.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2508583.alertChannelId", "901598");
Gelöscht : user_pref("CT2508583.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2508583.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2508583.components.1000034", false);
Gelöscht : user_pref("CT2508583.myStuffEnabled", true);
Gelöscht : user_pref("CT2508583.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2508583.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2508583.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2508583.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 11 2010 13:13:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 11 2010 12:13:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{063d6464-ee23-42e6-ada8-244af49898d2}");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.twitter.user_47593578.LastCheckTime", "Mon Nov 01 2010 12:09:34 GMT+0100[...]
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=107738&tt=2912_3&babsrc=NT_ss&mntr[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=107738&tt=2912_3");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "844424a3000000000000701a04df3150");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "844424a3000000000000701a04df3150");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15540");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=107738&tt=2912_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:47:43");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[S1].txt - [13038 octets] - [27/09/2012 17:22:16]

########## EOF - C:\AdwCleaner[S1].txt - [13099 octets] ##########

small.ville · 30.09.2012, 18:55

Hallo, Danke nochmal für die Hilfe. Jetzt dachte ich, es ist alles ok, gerade habe ich bemerkt, dass alle meine Ordner "schreibgeschützt" sind. Wie krieg ich das wieder weg?

t'john · 30.09.2012, 19:26

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

small.ville · 30.09.2012, 21:05

Ist das das Richtige?

Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.09.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
fam.hotz :: FAMHOTZ-TOSH [Administrator]

Schutz: Aktiviert

30.09.2012 20:04:09
mbam-log-2012-09-30 (20-04-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245765
Laufzeit: 14 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

t'john · 01.10.2012, 10:42

Sehr gut!

Welche Ordner sind geschuetzt?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

small.ville · 01.10.2012, 12:05

\\FAMHOTZ-TOSH\Users\Dokumente

t'john · 01.10.2012, 17:28

Das ist eine Netzadresse und kein Pfad.
Von wo aus sind sie schreibgeschuetzt?

Bitte mit Emsisoft weitermachen

small.ville · 02.10.2012, 05:23

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 01.10.2012 20:59:08

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 01.10.2012 21:01:18

C:\Program Files (x86)\Corel\DVD MovieFactory for TOSHIBA\Corel DVD MovieFactory\SQPlus.dll gefunden: Packer.Win32.Themida (A)
C:\Users\fam.hotz\AppData\Local\Temp\jar_cache4490746036129779656.tmp gefunden: Gen:Variant.Kazy.53625 (B)

Gescannt 516053
Gefunden 2

Scan Ende: 01.10.2012 23:02:45
Scan Zeit: 2:01:27

C:\Users\fam.hotz\AppData\Local\Temp\jar_cache4490746036129779656.tmp Quarantäne Gen:Variant.Kazy.53625 (B)
C:\Program Files (x86)\Corel\DVD MovieFactory for TOSHIBA\Corel DVD MovieFactory\SQPlus.dll Quarantäne Packer.Win32.Themida (A)

Quarantäne 2

t'john · 02.10.2012, 05:44

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

small.ville · 02.10.2012, 12:34

Die Benutzerkontensteuerung fragt mich immer, ob ich zulassen möchte, dass durch das folgende Programm Änderungen voregenommen werden:

programmname: jucheck.exe
Herausgeber: Oracle America, inc.
Dateiursprung: Festplatte auf diesem computer

Drücke ich "ja" oder "nein"?

t'john · 02.10.2012, 17:30

Nein, noch nicht.

small.ville · 02.10.2012, 17:49

Der Scan läuft seit über 4 Stunden und hat schon 4 Threats gefunden..... und er ist immer noch nicht fertig!

t'john · 02.10.2012, 21:58

Zu langsamme, zu grosse oder zu volle Platte?

30.09.2012, 19:26	#5
t'john /// Helfer-Team	GVU-Trojaner Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) __________________ Mfg, t'john Das TB unterstützen

01.10.2012, 17:28	#9
t'john /// Helfer-Team	GVU-Trojaner Das ist eine Netzadresse und kein Pfad. Von wo aus sind sie schreibgeschuetzt? Bitte mit Emsisoft weitermachen __________________ Mfg, t'john Das TB unterstützen

02.10.2012, 17:30	#13
t'john /// Helfer-Team	GVU-Trojaner Nein, noch nicht. __________________ Mfg, t'john Das TB unterstützen

02.10.2012, 21:58	#15
t'john /// Helfer-Team	GVU-Trojaner Zu langsamme, zu grosse oder zu volle Platte? __________________ Mfg, t'john Das TB unterstützen

30.09.2012, 18:55	#4
small.ville	GVU-Trojaner Hallo, Danke nochmal für die Hilfe. Jetzt dachte ich, es ist alles ok, gerade habe ich bemerkt, dass alle meine Ordner "schreibgeschützt" sind. Wie krieg ich das wieder weg?

01.10.2012, 12:05	#8
small.ville	GVU-Trojaner \\FAMHOTZ-TOSH\Users\Dokumente

02.10.2012, 12:34	#12
small.ville	GVU-Trojaner Die Benutzerkontensteuerung fragt mich immer, ob ich zulassen möchte, dass durch das folgende Programm Änderungen voregenommen werden: programmname: jucheck.exe Herausgeber: Oracle America, inc. Dateiursprung: Festplatte auf diesem computer Drücke ich "ja" oder "nein"?

02.10.2012, 17:49	#14
small.ville	GVU-Trojaner Der Scan läuft seit über 4 Stunden und hat schon 4 Threats gefunden..... und er ist immer noch nicht fertig!

GVU-Trojaner

Log-Analyse und Auswertung: GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner

GVU-Trojaner