GVU-Trojaner
 

Gestern habe ich bereits versucht über Kaspersky Windows Unlocker die Dateien unschädlich zu machen, leider vergeblich. Mittlerweile weiß ich, wie der Trojaner auf meinen Rechner gekommen ist. Ich bekam vor ca. 2 Wochen eine E-Mail von "McAfee", mit der Bitte ein Update runterzuladen. Das habe ich natürlich NICHT gemacht. Aber das Öffnen der Mail hat wohl schon ausgereicht...

Folgende Log-Datei habe ich soeben gespeichert. Ich weiß nicht, wie ich diese Dateien in die Quarantäne bekomme und wie ich nun weitermachen soll. Ich fühle mich mit dieser ganzen Situation etwas überfordert.

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.27.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
fam.hotz :: FAMHOTZ-TOSH [Administrator]

Schutz: Deaktiviert

27.09.2012 13:17:24
mbam-log-2012-09-27 (13-33-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223255
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\fam.hotz\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Spyware.Passwords) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\fam.hotz\AppData\Local\Temp\0.5278125287568313.exe (Exploit.Drop.2) -> Keine Aktion durchgeführt.
C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

OTL.txt:OTL Logfile:
--- --- ---

:hallo:

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
• Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 1:
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC28B20-DD3B-4A03-B44F-B584B7E67FFC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B814CBA-94E0-493A-A038-5CF47AB2BB02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41E4B982-D06A-42B2-9AB2-B2D2C6CEED9C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D4E3716-44C4-45DF-A426-8486821ACF66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D4E3716-44C4-45DF-A426-8486821ACF66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57DC605D-72D2-4B9B-A6B9-72591D256296}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57DC605D-72D2-4B9B-A6B9-72591D256296}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89537AE7-A8E6-42B1-838D-AFC59299DB05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89537AE7-A8E6-42B1-838D-AFC59299DB05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C756805E-8A03-4BAB-83D6-A588AFEC85A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D292DBF8-231A-4BE5-9C1F-923D05EE14C9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D52DA9F3-DFFF-410C-808C-1B7FB7D2F2F1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FDFC3E-81F9-4E7F-8833-D47E6C3246CD}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "MyVideo-Websuche " removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2508583&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Sichere Suche" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.web.de" removed from browser.startup.homepage
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 removed from extensions.enabledAddons
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 removed from extensions.enabledAddons
Prefs.js: toolbar@web.de:2.2.2 removed from extensions.enabledAddons
Prefs.js: pdfforge@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: wtxpcom@mybrowserbar.com:6.3 removed from extensions.enabledAddons
Prefs.js: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: toolbar@web.de:1.5.1 removed from extensions.enabledItems
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Programme\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
File move failed. C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bc1a5d2-bd9c-11e0-a917-705ab6ba7be1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63dbbe7a-8ca8-11df-889f-705ab6ba7be1}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b660-e298-11df-b463-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7781b662-e298-11df-b463-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be83448f-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be834494-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344a9-d91e-11df-8c75-705ab6ba7be1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be8344ad-d91e-11df-8c75-705ab6ba7be1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc06b9a5-c0e9-11e0-9a89-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\11-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\lastminute.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\conduit.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\firefox\profiles\vxmgl5z7.default\searchplugins\webde-suche.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\fam.hotz\AppData\Roaming\mozilla\Firefox\Profiles\vxmgl5z7.default\extensions folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\6.3 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\fam.hotz\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.17857_none_b40dc7a79ec25084 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.4.8112.16421_none_05b6b429030148f7 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16448_none_6014af45a6d46afb scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16448_none_d2dd53c9e7f57787 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16448_none_5ffe34e1b4893d8b scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_a89fe94b64e0d71d scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16448_none_541611bc5a2698df scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cebab8bda770d150 scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_48330de9affd2c5d scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows\winsxs scheduled to be moved on reboot.
Folder move failed. C:\found.000\dir0000.chk\Windows scheduled to be moved on reboot.
C:\found.000\dir0000.chk\Program Files (x86)\Intel folder moved successfully.
C:\found.000\dir0000.chk\Program Files (x86) folder moved successfully.
Folder move failed. C:\found.000\dir0000.chk scheduled to be moved on reboot.
C:\found.000 folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\fam.hotz\AppData\Local\Conduit folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\fam.hotz\*.tmp not found.
C:\Users\fam.hotz\AppData\Local\{07D2FBAF-5444-43EC-94E8-8772A063EA81} moved successfully.
C:\Users\fam.hotz\AppData\Local\{0F27CF04-A82D-4EF2-A1F7-13DD953F196C} moved successfully.
C:\Users\fam.hotz\AppData\Local\{0FF97598-4DE1-4672-B294-EFC9521C2DA5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{1A51895A-3E2E-41B2-AA3C-953C19B3F1E5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2A5FBD17-720C-44DF-A595-93BA8EC7C776} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2AAE9CF3-EA78-49F8-8D1A-9EE33C34DE79} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2B12EAD3-4AB3-4672-A4AF-EEC354F38436} moved successfully.
C:\Users\fam.hotz\AppData\Local\{2FAB2DB4-7FEF-4000-BD2D-07C0F40BD690} moved successfully.
C:\Users\fam.hotz\AppData\Local\{3825E774-222A-446B-B2C8-70A61C5F5BF3} moved successfully.
C:\Users\fam.hotz\AppData\Local\{38947352-25D3-4376-A5A2-ED57328108B1} moved successfully.
C:\Users\fam.hotz\AppData\Local\{40FA243E-74DA-43FE-B1C1-B4A112852F54} moved successfully.
C:\Users\fam.hotz\AppData\Local\{4E249649-9FCD-4C36-BEE0-EC45182ECB67} moved successfully.
C:\Users\fam.hotz\AppData\Local\{664886EF-498D-4889-8889-1C91C7C38055} moved successfully.
C:\Users\fam.hotz\AppData\Local\{6693EF48-3245-459E-957A-25D64D6AE4CE} moved successfully.
C:\Users\fam.hotz\AppData\Local\{67BA7A90-D1F4-49DC-A6AE-D1EE36FAC7AA} moved successfully.
C:\Users\fam.hotz\AppData\Local\{7FADD4E8-EBA4-49A5-90C8-A908C8B6CA41} moved successfully.
C:\Users\fam.hotz\AppData\Local\{916DC63B-A9A8-447A-B0B8-CA1572A17472} moved successfully.
C:\Users\fam.hotz\AppData\Local\{9F08D340-2023-43FA-AD8A-7E0BC32CEBF8} moved successfully.
C:\Users\fam.hotz\AppData\Local\{ABF68612-47EB-4F14-9C2E-4EA7E201AC9D} moved successfully.
C:\Users\fam.hotz\AppData\Local\{B16B0C58-E3C3-4BEF-89A6-F9AD380635B2} moved successfully.
C:\Users\fam.hotz\AppData\Local\{B4FBFD58-F11E-4557-BEE0-A7BEFB46E778} moved successfully.
C:\Users\fam.hotz\AppData\Local\{BB94F024-764B-4E67-B466-86F2A4A56303} moved successfully.
C:\Users\fam.hotz\AppData\Local\{C4E4FA6D-6270-4D01-8D6C-0F5E3F8BA157} moved successfully.
C:\Users\fam.hotz\AppData\Local\{C629A7E3-3739-42E2-9582-030580276BA4} moved successfully.
C:\Users\fam.hotz\AppData\Local\{CA272593-DD18-4DE1-A538-9506827AABB6} moved successfully.
C:\Users\fam.hotz\AppData\Local\{CF3DD904-FAF4-4462-A388-AAFB21A9F08E} moved successfully.
C:\Users\fam.hotz\AppData\Local\{D730738C-90D5-4202-96C6-3B48E79C3E31} moved successfully.
C:\Users\fam.hotz\AppData\Local\{DDF20D14-7BAC-4C55-900F-D61E1E41D0E5} moved successfully.
C:\Users\fam.hotz\AppData\Local\{DE36EAD8-D607-4E34-8982-84D9030F181E} moved successfully.
C:\Users\fam.hotz\AppData\Local\{E0B853AF-7759-474F-9F77-2FBDC6254810} moved successfully.
C:\Users\fam.hotz\AppData\Local\{EEEC3750-5AC9-4F94-99F1-C45FF97197F3} moved successfully.
C:\Users\fam.hotz\AppData\Local\{F08FF2B6-4798-4F1B-9AB8-608A93DFF2EA} moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\DataCard_Setup64.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-2.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-3.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe-4.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\IPx64_1031.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\ResetDevice.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\fam.hotz\AppData\Local\Temp\wusetup.exE moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\fam.hotz\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\fam.hotz\Desktop\cmd.bat deleted successfully.
C:\Users\fam.hotz\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09272012_151556

Files\Folders moved on Reboot...
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll scheduled to be moved on reboot.
File\Folder C:\Users\fam.hotz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-m..ac-ado-ddl-security_31bf3856ad364e35_6.1.7601.17857_none_b40dc7a79ec25084 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_9.4.8112.16421_none_05b6b429030148f7 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16448_none_6014af45a6d46afb not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16448_none_d2dd53c9e7f57787 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16448_none_5ffe34e1b4893d8b not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16448_none_a89fe94b64e0d71d not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16448_none_541611bc5a2698df not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cebab8bda770d150 not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-mulanttsvoicecommon_31bf3856ad364e35_6.1.7600.16385_none_48330de9affd2c5d not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c not found!
File\Folder C:\found.000\dir0000.chk\Windows\winsxs not found!
File\Folder C:\found.000\dir0000.chk\Windows not found!
File\Folder C:\found.000\dir0000.chk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.003 - Datei am 09/27/2012 um 17:22:16 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : fam.hotz - FAMHOTZ-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\fam.hotz\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\fam.hotz\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\Conduit
Ordner Gelöscht : C:\Users\FAM~1.HOT\AppData\Local\Temp\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v13.0.1 (de)

Profilname : default
Datei : C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\prefs.js

C:\Users\fam.hotz\AppData\Roaming\Mozilla\Firefox\Profiles\vxmgl5z7.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2508583.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2508583.CTID", "CT2508583");
Gelöscht : user_pref("CT2508583.CurrentServerDate", "1-11-2010");
Gelöscht : user_pref("CT2508583.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2508583.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2508583.FeedLastCount129086521209375069", 40);
Gelöscht : user_pref("CT2508583.FeedLastCount129158248553443272", 0);
Gelöscht : user_pref("CT2508583.FeedPollDate129086521210625102", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.FeedPollDate129158248553443272", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.FeedTTL129086521210625102", 40);
Gelöscht : user_pref("CT2508583.FirstServerDate", "11-7-2010");
Gelöscht : user_pref("CT2508583.FirstTime", true);
Gelöscht : user_pref("CT2508583.FirstTimeFF3", true);
Gelöscht : user_pref("CT2508583.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2508583.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2508583.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2508583.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2508583.Initialize", true);
Gelöscht : user_pref("CT2508583.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2508583.InstallationAndCookieDataSentCount", 2);
Gelöscht : user_pref("CT2508583.InstalledDate", "Sun Jul 11 2010 12:13:56 GMT+0200");
Gelöscht : user_pref("CT2508583.IsGrouping", false);
Gelöscht : user_pref("CT2508583.IsMulticommunity", false);
Gelöscht : user_pref("CT2508583.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2508583.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2508583.LanguagePackLastCheckTime", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2508583.LastLogin_2.7.1.3", "Sun Oct 31 2010 22:40:43 GMT+0100");
Gelöscht : user_pref("CT2508583.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2508583.Locale", "de");
Gelöscht : user_pref("CT2508583.LoginCache", 4);
Gelöscht : user_pref("CT2508583.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2508583.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2508583.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2508583.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2508583.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2508583.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2508583.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2508583.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.SearchInNewTabLastCheckTime", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2508583.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2508583.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2508583.SettingsLastCheckTime", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.SettingsLastUpdate", "1278064743");
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsLastCheck", "Sun Oct 31 2010 22:40:42 GMT+0100");
Gelöscht : user_pref("CT2508583.ThirdPartyComponentsLastUpdate", "1278064743");
Gelöscht : user_pref("CT2508583.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2508583.Uninstall", true);
Gelöscht : user_pref("CT2508583.UserID", "UN06247330271247364");
Gelöscht : user_pref("CT2508583.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2508583.alertChannelId", "901598");
Gelöscht : user_pref("CT2508583.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2508583.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2508583.components.1000034", false);
Gelöscht : user_pref("CT2508583.myStuffEnabled", true);
Gelöscht : user_pref("CT2508583.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2508583.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2508583.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2508583.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2508583.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 11 2010 13:13:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 11 2010 12:13:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{063d6464-ee23-42e6-ada8-244af49898d2}");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2508583");
Gelöscht : user_pref("CommunityToolbar.twitter.user_47593578.LastCheckTime", "Mon Nov 01 2010 12:09:34 GMT+0100[...]
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=107738&tt=2912_3&babsrc=NT_ss&mntr[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=107738&tt=2912_3");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "844424a3000000000000701a04df3150");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "844424a3000000000000701a04df3150");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15540");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=107738&tt=2912_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:47:43");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[S1].txt - [13038 octets] - [27/09/2012 17:22:16]

########## EOF - C:\AdwCleaner[S1].txt - [13099 octets] ##########

Hallo, Danke nochmal für die Hilfe. Jetzt dachte ich, es ist alles ok, gerade habe ich bemerkt, dass alle meine Ordner "schreibgeschützt" sind. Wie krieg ich das wieder weg?

Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Ist das das Richtige?

Malwarebytes Anti-Malware (Test) 1.65.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
fam.hotz :: FAMHOTZ-TOSH [Administrator]

Schutz: Aktiviert

30.09.2012 20:04:09
mbam-log-2012-09-30 (20-04-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245765
Laufzeit: 14 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Sehr gut! :daumenhoc

Welche Ordner sind geschuetzt?


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

\\FAMHOTZ-TOSH\Users\Dokumente

Das ist eine Netzadresse und kein Pfad.
Von wo aus sind sie schreibgeschuetzt?

Bitte mit Emsisoft weitermachen

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 01.10.2012 20:59:08

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 01.10.2012 21:01:18

C:\Program Files (x86)\Corel\DVD MovieFactory for TOSHIBA\Corel DVD MovieFactory\SQPlus.dll gefunden: Packer.Win32.Themida (A)
C:\Users\fam.hotz\AppData\Local\Temp\jar_cache4490746036129779656.tmp gefunden: Gen:Variant.Kazy.53625 (B)

Gescannt 516053
Gefunden 2

Scan Ende: 01.10.2012 23:02:45
Scan Zeit: 2:01:27

C:\Users\fam.hotz\AppData\Local\Temp\jar_cache4490746036129779656.tmp Quarantäne Gen:Variant.Kazy.53625 (B)
C:\Program Files (x86)\Corel\DVD MovieFactory for TOSHIBA\Corel DVD MovieFactory\SQPlus.dll Quarantäne Packer.Win32.Themida (A)

Quarantäne 2

Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Die Benutzerkontensteuerung fragt mich immer, ob ich zulassen möchte, dass durch das folgende Programm Änderungen voregenommen werden:

programmname: jucheck.exe
Herausgeber: Oracle America, inc.
Dateiursprung: Festplatte auf diesem computer

Drücke ich "ja" oder "nein"?

Nein, noch nicht.

Der Scan läuft seit über 4 Stunden und hat schon 4 Threats gefunden..... und er ist immer noch nicht fertig! :pfeiff:

Zu langsamme, zu grosse oder zu volle Platte? ;)