
Pests of all kinds and how to fight them: Bundestrojaner, but with a webcam window

12.07.2012, 08:21   #1
Evi88
 

I have also caught a trojan (I think it is the Bundestrojaner, since there is a demand for payment, etc.) and cannot get rid of it.
It looks slightly modified, though: it has a webcam window in the top right.
However, it only appears and locks the computer when I am connected to the Internet, and it also immediately switches on the webcam. Otherwise my computer runs, except for the Task Manager.

A full scan with F-Secure did not help...
Now I am getting desperate, among other things because I am in the middle of exam season, cannot get on the Internet, and do not want to lose my data either... Help!!!

What can/should I do?

Many, many thanks in advance!!!
Eva

13.07.2012, 12:39   #2
t'john
/// Helper Team
 

Step 1

New version! Please download it again!
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have the findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results".

Step 2

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files are created
- Post the log files here in the thread.

15.07.2012, 16:16   #3
Evi88
 

Many thanks - here are the log files:

1) Malwarebytes:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
eva :: EVA-VAIO [Administrator]

15.07.2012 13:34:17
mbam-log-2012-07-15 (16-26-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 672275
Laufzeit: 2 Stunde(n), 34 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\eva\Desktop\keygen.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\Codec-C (1).exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\Codec-C.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\death_cab_for_cutie__codes_and_keys.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\DownloadSetup (50).exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\SoftonicDownloader_fuer_skype-voice-changer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\Downloads\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\Downloads\SoftonicDownloader_fuer_gpl-mpeg-1-2-directshow-decoder-filter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)


2) OTL.Txt file:

Code:
OTL logfile created on: 15.07.2012 16:31:54 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\eva\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 72,74% Memory free
7,71 Gb Paging File | 6,70 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,16 Gb Total Space | 41,51 Gb Free Space | 9,12% Space Free | Partition Type: NTFS
 
Computer Name: EVA-VAIO | User Name: eva | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eva\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\3.0.195.21\rlz.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\3.0.195.21\avutil-50.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\3.0.195.21\avformat-52.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\3.0.195.21\avcodec-52.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SampleCollector) Intel(R) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fshoster) -- C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation)
SRV - (FSORSPClient) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE377
IE - HKCU\..\SearchScopes\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.http: "188.94.228.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\eva\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.06.09 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012.06.06 09:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.18 19:19:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.19 09:01:33 | 000,000,000 | ---D | M]
 
[2011.12.30 10:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eva\AppData\Roaming\mozilla\Extensions
[2012.06.28 15:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eva\AppData\Roaming\mozilla\Firefox\Profiles\14ntmd2g.default\extensions
[2012.06.28 15:43:27 | 000,000,000 | ---D | M] (Facebook Friend Request, Notifications & Messages Alerts + Facebook Like Button) -- C:\Users\eva\AppData\Roaming\mozilla\Firefox\Profiles\14ntmd2g.default\extensions\{30A7232F-77C9-4bd3-A812-3036704DB7AC}
[2011.05.21 10:06:33 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\eva\AppData\Roaming\mozilla\Firefox\Profiles\14ntmd2g.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.08.28 13:34:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\eva\AppData\Roaming\mozilla\Firefox\Profiles\14ntmd2g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.31 12:59:04 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eva\AppData\Roaming\mozilla\Firefox\Profiles\14ntmd2g.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.06.20 14:12:22 | 000,000,935 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\conduit.xml
[2011.08.16 08:21:10 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-1.xml
[2010.07.24 14:47:45 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-2.xml
[2010.08.19 00:22:46 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-3.xml
[2010.11.04 21:08:31 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-4.xml
[2010.11.04 21:27:01 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-5.xml
[2010.12.11 17:14:27 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-6.xml
[2011.01.05 14:36:18 | 000,000,950 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin-7.xml
[2010.06.19 09:47:43 | 000,000,947 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\icqplugin.xml
[2011.12.08 00:17:07 | 000,002,519 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Search_Results.xml
[2012.04.19 09:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.13 23:39:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.19 09:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.08.13 19:47:04 | 000,372,161 | ---- | M] () (No name found) -- C:\USERS\EVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14NTMD2G.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011.08.13 19:47:04 | 000,127,576 | ---- | M] () (No name found) -- C:\USERS\EVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14NTMD2G.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.08.13 19:47:04 | 000,015,691 | ---- | M] () (No name found) -- C:\USERS\EVA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14NTMD2G.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012.04.19 09:01:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.08 00:17:07 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2010.10.14 21:58:54 | 000,000,355 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1			localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F-Secure Hoster] C:\Program Files (x86)\F-Secure\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAE.EXE /FU "C:\Windows\TEMP\E_S7023.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\eva\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\eva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\eva\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A8880E9-E472-48C3-A214-9ED99D85C5A0}: DhcpNameServer = 192.168.10.2 192.168.110.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 94.125.79.244 94.125.78.66
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 13:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 13:33:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 12:11:25 | 007,870,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\eva\Desktop\mbam-rules.exe
[2012.07.15 12:00:19 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\Malwarebytes' Anti-Malware
[2012.07.15 12:00:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\eva\Desktop\OTL.exe
[2012.07.15 11:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 11:40:34 | 000,000,000 | ---D | C] -- C:\Users\eva\AppData\Roaming\Malwarebytes
[2012.07.15 11:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.12 03:51:24 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.07.12 03:08:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:08:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:07:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:07:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:07:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:07:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:07:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:07:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:07:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:07:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:07:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:07:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:07:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 10:48:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.09 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\__MACOSX
[2012.06.28 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\biorb
[2012.06.25 13:14:37 | 000,000,000 | ---D | C] -- C:\Adobe Dreamweaver CS6
[2012.06.25 13:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.06.21 18:34:23 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 18:34:23 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 18:34:23 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 18:33:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 18:33:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 18:33:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 18:31:47 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 18:31:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2 C:\Users\eva\Desktop\*.tmp files -> C:\Users\eva\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 16:28:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 16:28:17 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 13:33:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 13:24:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:18:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 13:01:35 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 11:55:27 | 001,520,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.15 11:55:27 | 000,661,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 11:55:27 | 000,623,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 11:55:27 | 000,133,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 11:55:27 | 000,109,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 11:42:54 | 007,870,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\eva\Desktop\mbam-rules.exe
[2012.07.15 11:34:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\eva\Desktop\OTL.exe
[2012.07.12 03:56:04 | 005,102,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.06 10:41:56 | 000,001,456 | ---- | M] () -- C:\Users\eva\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.22 12:23:29 | 000,000,132 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2 C:\Users\eva\Desktop\*.tmp files -> C:\Users\eva\Desktop\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 13:33:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 00:08:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.06.29 12:39:54 | 000,001,456 | ---- | C] () -- C:\Users\eva\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.25 14:17:58 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2012.06.25 14:11:51 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.06.25 14:11:43 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.06.25 14:11:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.06.25 14:09:41 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.06.22 12:23:29 | 000,000,132 | ---- | C] () -- C:\Users\eva\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.05.16 20:33:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.05.16 20:33:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.04.05 12:06:58 | 000,003,584 | ---- | C] () -- C:\Users\eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.24 19:25:07 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{E60D1F82-78B7-486D-8702-E9D633483BF5}
[2011.10.31 23:04:53 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{A1B1F6D0-DC75-4122-B05F-09AFE28D6899}
[2011.09.28 22:45:58 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{2292191B-5F2D-4B10-8812-DF1E528C97F6}
[2011.09.19 09:51:17 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{249B1F60-01C0-421C-AEED-32D0F184DDD7}
[2011.07.27 23:48:13 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{EE895F63-69EA-4E13-BF72-06499F7BE953}
[2011.07.05 12:16:30 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{178B0BBF-14C1-40C9-BF18-9C9BF1108783}
[2011.07.05 11:56:52 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{E6118442-0E2C-47AC-9031-DDF8BE7C6914}
[2011.06.11 15:56:48 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{0C6C207E-8325-4E0F-85FB-43781B590A4A}
[2011.05.24 14:38:44 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{3FCB5734-79F6-4372-9364-9B086E682027}
[2011.03.22 13:26:20 | 000,000,176 | ---- | C] () -- C:\Users\eva\.bouml
[2011.03.22 13:25:36 | 000,000,063 | ---- | C] () -- C:\Users\eva\.boumlrc
[2010.09.30 16:29:22 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.09.30 16:28:31 | 001,543,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.28 23:17:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.05.06 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Auslogics
[2010.07.10 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.04 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.03 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DAEMON Tools Lite
[2012.07.15 13:24:30 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Dropbox
[2011.12.11 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DVDVideoSoft
[2011.08.28 13:34:13 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.05 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\elsterformular
[2010.06.20 13:58:39 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\EPSON
[2010.09.21 13:55:38 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\GHISLER
[2010.11.12 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\MySQL
[2012.06.06 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\PACE Anti-Piracy
[2011.09.28 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Simfy
[2012.07.15 13:05:22 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Spotify
[2010.11.14 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.06.24 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\TeamViewer
[2010.05.12 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\UBitMenu
[2011.12.24 19:23:18 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1055 bytes -> C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ
@Alternate Data Stream - 1043 bytes -> C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ

< End of report >
         
3) Extras.Txt file
Code:
OTL Extras logfile created on: 15.07.2012 16:31:54 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\eva\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 72,74% Memory free
7,71 Gb Paging File | 6,70 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,16 Gb Total Space | 41,51 Gb Free Space | 9,12% Space Free | Partition Type: NTFS
 
Computer Name: EVA-VAIO | User Name: eva | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D41179-CEFD-479F-B980-A7B399D3F12C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03E78000-FBB2-43E7-885D-2D7F043FF928}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18ACB001-60E5-45C9-9D15-973E8F6ACFF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{192F28E1-F8E2-4115-A5D2-8A9620012330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19AF5AF3-CEC1-49EA-B514-3EDC5A044E60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2AAE1A98-606E-43EF-A6EA-7E5712CBEC28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3FB7C261-1FA8-401F-B59C-2A8B737BCF90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43326E26-79EE-4709-A1C5-8F62283F46E2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{451559B5-583A-4DE2-8297-1DBEBE9D5032}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4F47D7BB-3A61-4983-97F7-3EC71A0D690C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{573A088D-C3E2-412D-8B5F-440C442A0C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{59237D38-DDAE-493A-AA52-4E4A93094E37}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5DE3BF84-C5E4-4ACA-B70E-65C51FF22717}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6BF781F2-2155-4375-BA42-9A574319A0DA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6CDADA40-296B-47F6-9CE6-3AA2AC1130A3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6FE53945-4FD1-4B02-A32F-874F129240C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{88AFE5D0-DF17-4792-BDF3-40B6BA2B0F24}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9A63398C-7358-48ED-BA5D-E4DB0060052E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9DEDC8F1-1653-4474-883C-D4E982A8E137}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ADE3267F-6CC6-46A9-B60E-81EBE5A183F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B63F3DCE-A57F-4BBB-BCC4-010673045F41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BF35F3A4-1534-4662-AF7D-5851B46D7783}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D53C1658-5922-4271-9987-769F146A0993}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DDD79864-67E1-497C-93D8-BBFBF518EA44}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E18FB7C2-C668-4C2E-ACD8-B24976D05278}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F3E6577A-4603-4EC9-B502-4CE0E37CD16E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00819582-C0AD-4476-AD8D-8812C15901DB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{08847A60-3C16-4E1A-B9E0-ABEA0A439AB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0990D90D-2929-41DE-9814-6314D81031A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{166EFC73-4BD4-4A6B-AA9F-E2D04F07F103}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{18F8F084-DEAC-4FFC-B1A0-E2984EF893CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1E9C89DE-CAD5-466E-B88E-3C5BD2805EE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{22E3141A-B334-430F-97EA-4EF637D62838}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{230C255A-C995-4A0C-8071-FCBA98CDEE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{265CFB88-164F-48FE-A8DE-6A0F78C00360}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2DA73D12-ADCD-4197-826B-9D9C967F2219}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2F6E0BCF-B28C-4403-BE2D-372759FDD4B6}" = protocol=17 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe | 
"{52211A61-DFC9-46B1-BE50-71E0D49D757A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{52DF8F02-11D9-46EA-BFB9-2BA13681E4F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{603CBE8A-56E3-415A-8766-C97AC5A183EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6695A057-5DDC-4AD0-922E-8B8A9960D76A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{69ECCE45-16F6-41BD-9267-AA3CFD5E077B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A715DBE-D41C-4769-9D80-794747FE2A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6C35F3DA-F7DC-436A-8D7B-008E4A4484E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{70241B9A-829A-4C10-8D86-4B21632CDB6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7206A51E-BF5D-45AD-AC68-C3E266C83066}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{76AA6000-0B3E-4554-A837-5EEFD5213E00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7EE81958-852B-421A-94FC-ACBEF0CD5C83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{865CAE9B-077A-4318-A9A0-CF68E90AF585}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{962DF7FF-3B5F-43DD-AF61-8EB131B62CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{A1F7D60B-69C6-44BF-A8CE-862E80B41F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{AE04B55B-E263-456D-BC74-0C6DA0E4DF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0CF2608-1B54-4046-B5DB-EF80FEDE42E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4448785-4ADF-4CB9-8DB9-769D4AE1AAE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B4B12BBE-82FA-44E6-96B0-E94D2905EAFF}" = protocol=6 | dir=out | app=system | 
"{B51308E8-2710-433F-B0B8-857190DB5469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B83559C5-DFFE-4637-89E3-D2B30CCE3885}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BBD25F0B-0FBF-4ACB-8231-E2225FC4C336}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{BCD7B793-91BA-4372-8306-41433993E224}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C32F5B0D-6F32-4979-B1D9-AE5FA14284C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C96BD7D2-D838-4C5C-AA43-3B1288F9B027}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD3493FB-EC50-4CF6-B4DE-CB4AABF68431}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD645E44-96E8-431B-B65A-7DD08CCC72BB}" = protocol=6 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EA084849-E095-4282-B1E7-8141B7331A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F1CE8FAF-D623-4397-A079-CA0BA9C1CE1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{018A17EE-4196-4F73-A34A-9CC1A574D9E3}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CB54CBED-0B41-4685-8D94-59E1D72DAC69}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BF456ADA-407C-BFA2-52DA-08ECE9E18549}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"CCleaner" = CCleaner
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08096C0A-B9B2-7F42-3760-BD9A1CBA9A6E}" = Catalyst Control Center Graphics Full Existing
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10014C6B-F482-991B-8865-32BFEA347CE1}" = CCC Help Hungarian
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1404E04F-C98C-5195-251E-9CED867E37D7}" = CCC Help French
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1AA0193C-398B-D400-A156-C060CFDDF132}" = Catalyst Control Center Core Implementation
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233C14B1-D05F-96A7-1509-C87417F899F8}" = CCC Help Turkish
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2637552C-A1EE-D6C9-3D9E-716BCB76081D}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3A3BB39D-95C9-41FE-BAC2-5D3BAF65F49A}" = MySQL Workbench 5.2 OSS
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49939C5A-7835-120D-1195-7374E1AE1CAB}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5810367F-CB89-1257-0283-EC37270741E7}" = CCC Help Russian
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A4C0B1D-2379-AAE0-4907-56E83D6D8A8C}" = CCC Help Italian
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{650CF18F-629C-3CF1-307D-5C93321B41CD}" = Catalyst Control Center Graphics Full New
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69131367-6458-6271-8277-25E408572433}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72A6B2E5-3286-4D77-8AAC-A4BE2A8FCB90}" = CCC Help Finnish
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87A29380-9FFF-6D32-BBF1-61569DFD5BEA}" = CCC Help Portuguese
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8D047BB8-0D97-4163-27CE-351BDF225D00}" = Catalyst Control Center Localization All
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F862B8C-D3F7-74F5-6C08-F0F70F744FF7}" = CCC Help Japanese
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9AA64011-2D75-4CFA-ACEB-3B801280910C}" = F-Secure Launch pad
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A0F4F993-C4A7-F093-CF8D-5F03B39252F2}" = CCC Help Thai
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A477F82B-F291-5BB0-74FF-6654A27B311A}" = CCC Help Dutch
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A4EFAC49-5605-E9FA-5C1B-75D8AACF6139}" = Catalyst Control Center Graphics Light
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA668097-C081-B41E-DEDA-83BB12B7E85F}" = CCC Help Korean
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2F0AAB1-8C1C-1EFE-6594-417BBB023D6B}" = CCC Help Czech
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C0618520-5C63-1583-B78A-CEE1139EF1E6}" = CCC Help Polish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C84E8865-5E2B-5A46-99F2-B8A35917B8BF}" = Catalyst Control Center Graphics Previews Common
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36B6249-71E7-9E85-A9D6-E2239783301E}" = CCC Help Norwegian
"{D5DC1775-F67A-6399-BE1D-960FC2254F91}" = CCC Help Chinese Standard
"{D604D3C7-337D-FE67-09DE-A641D3B4D886}" = CCC Help Danish
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD23714B-A2C6-A6D2-9309-75AFAFF1F8E6}" = CCC Help English
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2250DN
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7D5D189-E71D-EA01-419F-699F57B1ED65}" = Catalyst Control Center Graphics Previews Vista
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2894826-BF35-CE79-5EA6-7BAD1DF6F8BF}" = CCC Help Greek
"{F392063E-8736-7812-47E7-7598F0B56D9D}" = CCC Help Swedish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF4EB4E5-55BB-D9AF-B5A2-3D6F359E7472}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bouml_is1" = Bouml 4.21
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"F-Secure Product 444" = F-Secure Internet Security 2011
"F-Secure ServiceEnabler" = F-Secure Launch pad
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"OpenVPN" = OpenVPN 2.1_rc22
"Restorer Ultimate_is1" = Restorer Ultimate 6.0
"Simfy" = simfy
"splashtop" = VAIO Quick Web Access
"Totalcmd" = Total Commander (Remove or Repair)
"TUGZip_is1" = TUGZip 3.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.10.2011 21:09:18 | Computer Name = eva-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.10.2011 21:09:21 | Computer Name = eva-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.10.2011 19:24:21 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rodriguez_jr__the_split_part_1.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4eaaa705  Name des fehlerhaften Moduls: rodriguez_jr__the_split_part_1.exe,
 Version: 1.0.0.0, Zeitstempel: 0x4eaaa705  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x00062f7b  ID des fehlerhaften Prozesses: 0x4a90  Startzeit der fehlerhaften Anwendung:
 0x01cc9691cbdc7dc7  Pfad der fehlerhaften Anwendung: C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe
Pfad
 des fehlerhaften Moduls: C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe
Berichtskennung:
 20eb27b7-0285-11e1-89f2-544249078d41
 
Error - 30.10.2011 14:00:02 | Computer Name = eva-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.10.2011 17:03:49 | Computer Name = eva-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 31.10.2011 17:03:49 | Computer Name = eva-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 04.11.2011 22:49:27 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20,
 Zeitstempel: 0x4cdc8b7a  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0,
 Zeitstempel: 0x49a6280b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e1b16  ID des fehlerhaften
 Prozesses: 0x2604  Startzeit der fehlerhaften Anwendung: 0x01cc9b655eda9543  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus 
Player.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX
 Shared\Qt4.5\QtCore4.dll  Berichtskennung: c6519543-0758-11e1-999d-506313a3d9b2
 
Error - 04.11.2011 22:51:19 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20,
 Zeitstempel: 0x4cdc8b7a  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0,
 Zeitstempel: 0x49a6280b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e1b16  ID des fehlerhaften
 Prozesses: 0x271c  Startzeit der fehlerhaften Anwendung: 0x01cc9b659654e728  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus 
Player.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX
 Shared\Qt4.5\QtCore4.dll  Berichtskennung: 091cf323-0759-11e1-999d-506313a3d9b2
 
Error - 06.11.2011 05:39:15 | Computer Name = eva-VAIO | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.10.8.815 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 404    Startzeit: 01cc9c168b75d812    Endzeit: 7    Anwendungspfad: C:\Program
 Files (x86)\DVDVideoSoft\Free Studio\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

Berichts-ID:
 2be5e4b1-085b-11e1-999d-506313a3d9b2  
 
Error - 06.11.2011 05:39:59 | Computer Name = eva-VAIO | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.10.8.815 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2c94    Startzeit: 01cc9c67fe5620fd    Endzeit: 25    Anwendungspfad:
 C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

Berichts-ID:
 429fa3b1-085b-11e1-999d-506313a3d9b2  
 
[ OSession Events ]
Error - 12.05.2010 22:02:48 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 78
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.05.2010 08:20:31 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 382641
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.06.2011 10:20:53 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1210
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 14.06.2011 04:40:23 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 68817
 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error - 24.06.2011 21:33:22 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15050
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.07.2012 10:28:38 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.07.2012 10:28:38 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.07.2012 10:28:40 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 15.07.2012 10:28:50 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 15.07.2012 10:28:55 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 15.07.2012 10:28:55 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

15.07.2012, 16:25   #4
t'john
/// Helper Team

Is there a reason why you did not delete the findings?

Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE377 
IE - HKCU\..\SearchScopes\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}: "URL" = http://de.shopping.com/?linkin_id=8056363 
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms} 
IE - HKCU\..\SearchScopes\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Search Results" 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.search.selectedEngine: "Search Results" 
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406" 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 
FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2 
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" 
FF - prefs.js..network.proxy.http: "188.94.228.46" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.type: 1 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAE.EXE /FU "C:\Windows\TEMP\E_S7023.tmp" /EF "HKCU" File not found 
O4 - HKCU..\Run: [Spotify] C:\Users\eva\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) 
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\eva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell - "" = AutoRun 
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a 
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell - "" = AutoRun 
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a 
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell - "" = AutoRun 
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true 
[2012.05.16 20:33:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL 
[2012.05.16 20:33:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI 
[2010.09.30 16:29:22 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys 
[2010.09.30 16:28:31 | 001,543,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
@Alternate Data Stream - 1055 bytes -> C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ 
@Alternate Data Stream - 1043 bytes -> C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ 
[2012.07.15 13:24:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
[2012.07.15 13:24:30 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Dropbox 
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.15 13:18:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.15 13:01:35 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.12 00:08:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not use it on other machines under any circumstances; it can cause lasting damage to other systems!
__________________
Regards, t'john

16.07.2012, 08:53   #5
Evi88

Sorry - I somehow had not understood that - so it was not intentional!
Many thanks!

Here is the new log file:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "softonic-Germany Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: litmus-ff@f-secure.com:1.10 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 removed from extensions.enabledItems
Prefs.js: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 removed from extensions.enabledItems
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL
Prefs.js: "188.94.228.46" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON S21 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify deleted successfully.
C:\Users\eva\AppData\Roaming\Spotify\spotify.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
C:\Users\eva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
C:\Windows\SysWOW64\BRTCPCON.DLL moved successfully.
C:\Windows\SysWOW64\BRLMW03A.INI moved successfully.
C:\Windows\SysWOW64\drivers\fsbts.sys moved successfully.
C:\Windows\SysWOW64\PerfStringBackup.INI moved successfully.
ADS C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ deleted successfully.
ADS C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ deleted successfully.
C:\ProgramData\go_0molg.pad moved successfully.
Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot.
C:\Users\eva\AppData\Roaming\Dropbox\shellext\dump folder moved successfully.
Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox\shellext scheduled to be moved on reboot.
C:\Users\eva\AppData\Roaming\Dropbox\l folder moved successfully.
C:\Users\eva\AppData\Roaming\Dropbox\installer\l folder moved successfully.
C:\Users\eva\AppData\Roaming\Dropbox\installer folder moved successfully.
C:\Users\eva\AppData\Roaming\Dropbox\bin folder moved successfully.
Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox scheduled to be moved on reboot.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\ProgramData\go_0molg.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\eva\Desktop\cmd.bat deleted successfully.
C:\Users\eva\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: eva
->Temp folder emptied: 5821265487 bytes
->Temporary Internet Files folder emptied: 3042750 bytes
->Java cache emptied: 17663836 bytes
->FireFox cache emptied: 55143616 bytes
->Google Chrome cache emptied: 18275090 bytes
->Flash cache emptied: 69356 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 310825544 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36069724 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.972,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: eva
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_094416

Files\Folders moved on Reboot...
C:\Users\eva\AppData\Roaming\Dropbox\shellext\l folder moved successfully.
C:\Users\eva\AppData\Roaming\Dropbox\shellext folder moved successfully.
C:\Users\eva\AppData\Roaming\Dropbox folder moved successfully.
File move failed. C:\Users\eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\eva\AppData\Roaming\Dropbox\shellext\l not found!
File C:\Users\eva\AppData\Roaming\Dropbox\shellext not found!
File C:\Users\eva\AppData\Roaming\Dropbox not found!
[2010.04.28 20:40:59 | 000,000,000 | ---- | M] () C:\Users\eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

Registry entries deleted on Reboot...
         


16.07.2012, 12:58   #6
t'john
/// Helper team
 

Very good!

How is the computer running?


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

16.07.2012, 13:20   #7
Evi88
 

In safe mode everything runs fine so far.

Here is the log file from adwcleaner:

Code:
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 14:16:54
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : eva - EVA-VAIO
# Running from : C:\Users\eva\Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\eva\AppData\Local\Conduit
Folder Found : C:\Users\eva\AppData\Local\Ilivid Player
Folder Found : C:\Users\eva\AppData\LocalLow\Conduit
Folder Found : C:\Users\eva\AppData\LocalLow\searchquband
Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\Conduit
Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitCommon
Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitEngine
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files (x86)\Ilivid
File Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Conduit.xml
File Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Search_Results.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2449729
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\prefs.js

Found : user_pref("CT2449729..clientLogIsEnabled", false);
Found : user_pref("CT2449729..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2449729..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2449729.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2449729.CT2449729", "CT2449729");
Found : user_pref("CT2449729.CurrentServerDate", "3-7-2011");
Found : user_pref("CT2449729.DialogsAlignMode", "LTR");
Found : user_pref("CT2449729.DialogsGetterLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.DownloadReferralCookieData", "");
Found : user_pref("CT2449729.EMailNotifierPollDate", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedLastCount129029445737143755", 1120);
Found : user_pref("CT2449729.FeedPollDate7470634014180506963", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634014269327586", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634014329599698", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634014537505092", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634014970726540", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634015410831318", "Sun Jul 03 2011 14:54:37 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634015483395460", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634015636754705", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634015768347545", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634015855543602", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016030710453", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016114705611", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016129205152", "Sun Jul 03 2011 14:54:37 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016143724791", "Sun Jul 03 2011 14:54:37 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016271239162", "Sun Jul 03 2011 14:54:37 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016568520719", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634016726993788", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017109031809", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017132743740", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017299547668", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017302327846", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017344111490", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017478360748", "Sun Jul 03 2011 14:54:38 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017732797593", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634017821686064", "Sun Jul 03 2011 14:54:37 GMT+0200");
Found : user_pref("CT2449729.FeedPollDate7470634018090228721", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.FeedTTL7470634014269327586", 5);
Found : user_pref("CT2449729.FeedTTL7470634014537505092", 5);
Found : user_pref("CT2449729.FeedTTL7470634014970726540", 2);
Found : user_pref("CT2449729.FeedTTL7470634015636754705", 5);
Found : user_pref("CT2449729.FeedTTL7470634016568520719", 30);
Found : user_pref("CT2449729.FeedTTL7470634017109031809", 30);
Found : user_pref("CT2449729.FeedTTL7470634017299547668", 2);
Found : user_pref("CT2449729.FirstServerDate", "1-7-2011");
Found : user_pref("CT2449729.FirstTime", true);
Found : user_pref("CT2449729.FirstTimeFF3", true);
Found : user_pref("CT2449729.FixPageNotFoundErrors", true);
Found : user_pref("CT2449729.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2449729.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2449729.HasUserGlobalKeys", true);
Found : user_pref("CT2449729.Initialize", true);
Found : user_pref("CT2449729.InitializeCommonPrefs", true);
Found : user_pref("CT2449729.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2449729.InstalledDate", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.InvalidateCache", false);
Found : user_pref("CT2449729.IsGrouping", false);
Found : user_pref("CT2449729.IsInitSetupIni", true);
Found : user_pref("CT2449729.IsMulticommunity", false);
Found : user_pref("CT2449729.IsOpenThankYouPage", true);
Found : user_pref("CT2449729.IsOpenUninstallPage", true);
Found : user_pref("CT2449729.LanguagePackLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2449729.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2449729.LastLogin_3.5.0.12", "Sun Jul 03 2011 17:56:20 GMT+0200");
Found : user_pref("CT2449729.LatestVersion", "3.3.3.2");
Found : user_pref("CT2449729.Locale", "de-de");
Found : user_pref("CT2449729.MCDetectTooltipHeight", "83");
Found : user_pref("CT2449729.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2449729.MCDetectTooltipWidth", "295");
Found : user_pref("CT2449729.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2449729.OriginalFirstVersion", "3.5.0.12");
Found : user_pref("CT2449729.RadioIsPodcast", false);
Found : user_pref("CT2449729.RadioLastCheckTime", "Sat Jul 02 2011 19:07:24 GMT+0200");
Found : user_pref("CT2449729.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2449729.RadioLastUpdateServer", "3");
Found : user_pref("CT2449729.RadioMediaID", "9962");
Found : user_pref("CT2449729.RadioMediaType", "Media Player");
Found : user_pref("CT2449729.RadioMenuSelectedID", "EBRadioMenu_CT24497299962");
Found : user_pref("CT2449729.RadioShrinkedFromSetup", false);
Found : user_pref("CT2449729.RadioStationName", "California%20Rock");
Found : user_pref("CT2449729.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT2449729.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT2449729.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2449729.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244[...]
Found : user_pref("CT2449729.SearchInNewTabEnabled", true);
Found : user_pref("CT2449729.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2449729.SearchInNewTabLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2449729.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2449729.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2449729.ServiceMapLastCheckTime", "Fri Jul 01 2011 19:07:04 GMT+0200");
Found : user_pref("CT2449729.SettingsLastCheckTime", "Fri Jul 01 2011 19:07:04 GMT+0200");
Found : user_pref("CT2449729.SettingsLastUpdate", "1306952841");
Found : user_pref("CT2449729.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2449729.ThirdPartyComponentsLastCheck", "Fri Jul 01 2011 19:07:03 GMT+0200");
Found : user_pref("CT2449729.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2449729.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2449729.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2449729");
Found : user_pref("CT2449729.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,OurTo[...]
Found : user_pref("CT2449729.Uninstall", true);
Found : user_pref("CT2449729.UserID", "UN01472215024760104");
Found : user_pref("CT2449729.WeatherNetwork", "");
Found : user_pref("CT2449729.WeatherPollDate", "Sun Jul 03 2011 17:56:19 GMT+0200");
Found : user_pref("CT2449729.WeatherUnit", "C");
Found : user_pref("CT2449729.alertChannelId", "843580");
Found : user_pref("CT2449729.backendstorage.firstinstall", "796573");
Found : user_pref("CT2449729.backendstorage.gsdomain", "");
Found : user_pref("CT2449729.backendstorage.lastrun", "31333039353430303237373936");
Found : user_pref("CT2449729.backendstorage.partner_id", "3937346665643236");
Found : user_pref("CT2449729.backendstorage.tbready", "74727565");
Found : user_pref("CT2449729.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2449729.globalFirstTimeInfoLastCheckTime", "Sun Jul 03 2011 15:45:17 GMT+0200");
Found : user_pref("CT2449729.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2449729.initDone", true);
Found : user_pref("CT2449729.isAppTrackingManagerOn", true);
Found : user_pref("CT2449729.isFirstRadioInstallation", false);
Found : user_pref("CT2449729.myStuffEnabled", true);
Found : user_pref("CT2449729.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2449729.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2449729.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2449729.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2449729.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2449729.searchProtectorEnableByLogin", true);
Found : user_pref("CT2449729.testingCtid", "");
Found : user_pref("CT2449729.toolbarAppMetaDataLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.toolbarContextMenuLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Found : user_pref("CT2449729.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2449729&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "softonic-Germany Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249595/1245268/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/843580/839383/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2449729", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2449729",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2449729/CT2449729[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\eva\\AppData\\Roaming\\Mozilla\\Fir[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2449729");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2449729");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2449729");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 21 2011 10:08:16 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 08:45:11 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 02:36:06 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "5b2ddf0f-3376-4b1c-8b7d-1fcabe4e82a8");
Found : user_pref("CommunityToolbar.globalUserId", "fc89f353-5bff-4dce-8509-df4fbe641279");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2449729");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 01 2011 19:07:0[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jul 02 2011 11:09:07 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 01 2011 19:07:05 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "dca52f3e-216a-48d7-bdfe-3b6bd4e462c0");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat May 21 2011 10:08:17 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat May 21 2011 10:08:10 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "05/21/2011 11");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Mar 09 2011 18:13:23 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat May 21 2011 10:08:10 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat May 21 2011 10:08:09 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat May 21 2011 10:08:16 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN65627917077917696");
Found : user_pref("ConduitEngine.componentAlertEnabled", true);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat May 21 2011 10:08:10 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon May 23 2011 13:26:02 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);

-\\ Google Chrome v3.0.195.21

File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21385 octets] - [16/07/2012 14:16:54]

########## EOF - C:\AdwCleaner[R1].txt - [21514 octets] ##########
         
Pop-up from adw-cleaner: whether I also want to delete the files it found?
I'll leave that alone for now and wait for your answer... thanks in advance

16.07.2012, 15:41   #8
t'john
/// Helper team
 

What about normal mode?


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will restart. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
__________________
Regards, t'john

16.07.2012, 15:58   #9
Evi88
 

I'll try out in a moment how it is in normal mode...

But first, here is the adwCleaner log file:

Code:
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:53:40
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : eva - EVA-VAIO
# Running from : C:\Users\eva\Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\eva\AppData\Local\Conduit
Folder Deleted : C:\Users\eva\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\eva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\eva\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\Conduit
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitCommon
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitEngine
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Ilivid
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Conduit.xml
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2449729
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default 
File : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\prefs.js

Deleted : user_pref("CT2449729..clientLogIsEnabled", false);
Deleted : user_pref("CT2449729..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2449729..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2449729.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2449729.CT2449729", "CT2449729");
Deleted : user_pref("CT2449729.CurrentServerDate", "3-7-2011");
Deleted : user_pref("CT2449729.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2449729.DialogsGetterLastCheckTime", "Fri Jul 01 2011 19:07:06 GMT+0200");
Deleted : user_pref("CT2449729.DownloadReferralCookieData", "");
Deleted : user_pref("CT2449729.EMailNotifierPollDate", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedLastCount129029445737143755", 1120);
Deleted : user_pref("CT2449729.FeedPollDate7470634014180506963", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634014269327586", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634014329599698", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634014537505092", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634014970726540", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634015410831318", "Sun Jul 03 2011 14:54:37 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634015483395460", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634015636754705", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634015768347545", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634015855543602", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016030710453", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016114705611", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016129205152", "Sun Jul 03 2011 14:54:37 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016143724791", "Sun Jul 03 2011 14:54:37 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016271239162", "Sun Jul 03 2011 14:54:37 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016568520719", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634016726993788", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017109031809", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017132743740", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017299547668", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017302327846", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017344111490", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017478360748", "Sun Jul 03 2011 14:54:38 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017732797593", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634017821686064", "Sun Jul 03 2011 14:54:37 GMT+0200");
Deleted : user_pref("CT2449729.FeedPollDate7470634018090228721", "Sun Jul 03 2011 17:56:19 GMT+0200");
Deleted : user_pref("CT2449729.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2449729.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2449729.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2449729.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2449729.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2449729.FeedTTL7470634017109031809", 30);

-\\ Google Chrome v3.0.195.21

File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21502 octets] - [16/07/2012 14:16:54]
AdwCleaner[R2].txt - [21563 octets] - [16/07/2012 16:53:08]
AdwCleaner[R3].txt - [21624 octets] - [16/07/2012 16:53:33]
AdwCleaner[S1].txt - [21608 octets] - [16/07/2012 16:53:40]

########## EOF - C:\AdwCleaner[S1].txt - [21737 octets] ##########
         

16.07.2012, 16:01   #10
t'john
/// Helper team

Very good!

Please, in normal mode:

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Enable "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan is finished, click "Zeige Resultate" (show results).
__________________
Regards, t'john

16.07.2012, 21:12   #11
Evi88

No infected objects were found - yay!!!

Here is the log file:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
eva :: EVA-VAIO [Administrator]

Schutz: Aktiviert

16.07.2012 17:07:44
mbam-log-2012-07-16 (17-07-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 665316
Laufzeit: 3 Stunde(n), 18 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
-------------------------

However, a warning from Windows now appears:
"An unauthorized change was made to Windows:
Windows has detected a change that causes restricted Windows functionality. Use the following link to learn how Windows can be repaired."

At the bottom right of the desktop window it also says "The authenticity of this copy of Windows has not yet been confirmed."

I'll restart now and see whether the message comes back.
A big thank you already at this point!

------------------------------------------

Status after the restart - again no desktop background image, and the message at the bottom left (see last post), and the following message appears:

"Enter the Windows product key.
A licensed component of Windows has been changed. The Windows product key must therefore be entered again, and Windows must be activated again."

Hmm - what does that mean for me now?
Many thanks

Edited by Evi88 (16.07.2012 at 21:28)

16.07.2012, 21:37   #12
t'john
/// Helper team

Your computer has a sticker somewhere (underneath on a laptop / at the back on a desktop) with the license number.
You may have to enter it to activate.

As a check:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" (update now) to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Bericht speichern" (save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

17.07.2012, 14:51   #13
Evi88

Entering the key number for the Windows operating system authentication worked.
When I try to run Emsisoft.exe, the following error message appears: "Service Pack 1 is required to run on Windows 7."
What is Pack 1?

Many thanks - at the moment things are already looking really good trojan-wise

17.07.2012, 15:36   #14
t'john
/// Helper team

Please install all Windows updates!

Report back afterwards!
__________________
Regards, t'john

30.07.2012, 11:07   #15
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
