Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundeskriminalamt Trojan.Zbot

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.09.2012, 23:13   #1
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Hallo zusammen!

Ich erstelle zum ersten Mal einen Eintrag auf so einer Plattform und bin daher noch ein echter Frischling. Wende mich an euch, da ich nach meinen Internet-Recherchen sicher bin, hier zuverlässige Hilfe zu bekommen.

Habe mir leider auch ein paar Schädlinge eingefangen. Es handelt sich hierbei auch um die Bundeskriminalamt-Trojaner. Beim Surfen im Internet ging plötzlich ein Fenster auf mit Layout des BKA und es wurde verlangt 100 € zu bezahlen, der Bildschirm war eingefroren und es wurde sogar noch ein Stand-bild von mir durch die Kamera am Laptop eingefroren. Habe dann das Heruterfahren durch den Taskmanager erzwungen, dann den PC nochmals hochgefahren und einen Avira-Antivir-Scan und danach einen Scan mit Malewarebytes Anti-Maleware gemacht. Er hat mir dann 3 Trojaner (u.a. Trojan.Zbot) in Quarantäne gestellt. Die hab ich dann gelöscht - ich glaub das war keine so gute Idee, was ich bei euch gelesen habe??!!
Jedenfalls funktioniert der Rechner wieder normal - bin mir aber nicht sicher, ob er wirklich schon "sauber" ist.

Ich habe diese Anleitung mit OTL und Extras.txt befolgt und die Dateien beigefügt. Ebenfalls habe ich die Ergebnisdatei des ersten Quickscans und des letzten Voll-Scans beigefügt.

Bitte um kurzes Feedback, was ich jetzt noch machen muss!!

Vielen Dank im Voraus
aero

Alt 01.10.2012, 12:46   #2
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {9CB2C7E9-64F3-408A-BBCE-B97A275E00A1} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=38cc6d530000000000002a8158fedbf5 
IE - HKCU\..\SearchScopes\{3545ADCC-40E8-49AD-80F7-25D963976327}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search 
IE - HKCU\..\SearchScopes\{4EE961B6-15E6-4A55-9807-C4577D4D2968}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deAT375 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{9CB2C7E9-64F3-408A-BBCE-B97A275E00A1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=a3f3ce6c-a261-4ad7-b8c4-6f4d63d9daea&apn_sauid=52B62D51-FFA2-40A9-A3A6-3C7DED09A661 
IE - HKCU\..\SearchScopes\{BBA6521F-BE44-4342-A5B3-5AEEDE491DD0}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\Shell - "" = AutoRun 
O33 - MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\Shell - "" = AutoRun 
O33 - MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\Shell - "" = AutoRun 
O33 - MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\Shell\AutoRun\command - "" = G:\Autorun.exe 
[2010.04.06 09:28:24 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Roaming\.# 
[2012.05.04 23:55:35 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Babylon 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\******\*.tmp
C:\Users\******\AppData\Local\{*}
C:\Users\******\AppData\Local\Temp\*.exe
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________

Alt 02.10.2012, 21:31   #3
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Hallo t'john!

Danke erstmal für deine Hilfe!
Die Logdateien, die ich beim ersten Mal erstellt habe, hab ich eigentlich unter "Anhänge verwalten" hochgeladen. Offensichtlich konntest du sie jedoch nicht einsehen??!! Jetzt liefere ich sie so nach:

Die Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 30.09.2012 22:26:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,84% Memory free
7,71 Gb Paging File | 5,64 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,13 Gb Total Space | 352,31 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
 
Computer Name: *****-VAIO | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F3309F-040F-4616-AB93-389F05D03353}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FE9A57B-2477-4BDB-A7C1-A67D091BAD64}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{11A622AD-670C-44F6-999F-0CD9197C3F5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{130BD9F7-F6A4-41EF-AF64-1F2015DB039E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{180515F3-0C63-4A3F-BCC4-0587260C7735}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1F7F6D55-FE55-466D-B2AD-57762D59804A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{200E0420-3BE0-4729-8916-801AED5D59AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{202DED58-289B-4F80-BBF9-B695781682F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{24800C6B-836E-4970-8BC9-9D8283CB2CD8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A4E3D15-2699-46EE-8893-0464BE67506D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C765A90-3B8E-4DE7-98F1-EEAFADC326B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CC55CF0-80BC-448F-9838-A1AB95BD5667}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{398217CC-24FB-4BF0-9E04-B015C22B73D1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D53AE59-6BD2-4B22-BBAE-7ED660CA40F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E7FDAEF-AF0F-400F-9C07-7640C0167C8C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{449A3791-AAD7-4D3D-AF5B-5F61272A228A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{45079140-4159-4BEE-80EF-4B182BA09BBE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{54301CCF-D7B7-4198-A797-33208B532F91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5A0407AF-BF44-4C09-8885-125AF0606545}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{746C13DF-C69A-4BB6-B8B1-16CC117D75AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{77D3481E-4EA3-4CE6-A841-38191564F7BF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B08C424-2360-4E0C-BA86-DAD622F1CE13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FAC6420-06FC-43E0-BDD7-FE176FDC3CBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9BFC67FC-A5AC-463A-816D-8B8F5FB9D657}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E6ADEA1-E16F-4FDF-94E9-C5D4C061C30C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A83EE980-41B4-46C1-B713-8CABFEDCB68F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2F7C43B-6D55-4185-B663-9C5F6B1CFADB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C40EE266-60EF-4A63-8933-D11CFB9BFAE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD7F6C8B-E2D4-41FC-8F59-859A12B3E397}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D2A19561-070E-498C-8C46-B93F6D51DCB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3F59C00-BF33-413E-982F-1AE442ECD3B3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E1946D9E-6479-4B5C-B1EE-6BACF6C5CC1D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E2041AA8-BB0F-4258-907D-ED9F4DD501DB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E4D6E0F8-8944-40C2-978D-C9646E3EE5C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F11DB62B-D7CC-4919-B40E-6292582E6127}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05691D6D-10AB-4291-8304-ED5C434AF288}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0E197811-3530-4B99-8BD5-CB3F681886A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{15503039-0427-4568-94A6-EB400BAC15BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E1E5845-D128-41E2-994A-1BE1B618735A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2024AF7C-1DAB-43E9-B332-36C5CF8112DB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{234253F8-5031-464B-B564-FEE9E56DC4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{27018615-A4D2-4FD4-8355-D4935B34DD98}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"{2F81A781-0DA9-4E41-9712-9617095BF9F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{36CD659E-C6D3-4B59-9DCC-E412BB921441}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3AB5C994-4112-43F6-9C5D-3E171539A54A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3F452317-0F87-450E-AE66-94E5C6412357}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3FEB020A-0F16-4995-BE87-3BD3995676B4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4B3BFB26-95C8-40AE-8E7A-362CFE9A9072}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F3E4840-363B-42A3-AC49-108D40ADCB9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{504BB1E6-3796-4AB3-98C9-3ACD47DDA759}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{529F7AE5-B712-4553-AF74-1ABF3166B5F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53AA168D-1F09-470B-87B2-BF6A1A762333}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{555D5CE9-8072-40A8-88C2-775061D7A662}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{56D2B253-8C0C-451F-A429-8B62ED5A0C38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5BDA320C-3911-4029-8E31-79B850BC17C4}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"{6249A301-0509-4C2A-900F-72DF56CB7082}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{694894EC-B9BE-4ED3-9720-F7C52718EA9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71C14749-80E6-4F0C-A4E9-5C2B4FE4B260}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{799A2134-E1D6-4DBA-BC9C-7EF24B32950D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E4FB41A-5A12-4EF6-AD5A-74F6F28D0FF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B522A84-B379-4D9D-94B7-1200A96EDBAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9E6A5B1D-FEE3-4E3B-AACB-C6F576C6374A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9EAEB1C3-54BE-42D7-82E4-092D70A58662}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EDEE4AF-0FA0-4310-8B0B-ECA3D5A63900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A3BEF20E-02B6-429D-960F-DEB85102AB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A611808C-473D-476E-BC8E-F79986ADA3B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B57F8130-6F36-41FC-9CF6-AC610D6E955B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CCC665AF-55CE-4110-B981-287E124DC1C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DC10AA45-320A-4221-A580-A99EB8089A72}" = protocol=6 | dir=out | app=system | 
"{DC62209E-CB73-4B58-AE71-B7838E09D418}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7BD4204-F471-4934-837E-9D5A4AFD7190}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EC39C646-70B4-48C2-AB05-3EB138A46F7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5835654F-CFF3-4FD3-8DBC-81DA08778666}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
"UDP Query User{4A83DCF4-F2B9-4FE1-855B-475F3F8362E5}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8CD311D9-CE40-2D2C-89CB-EED5027D9ED9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{CC2B71CC-F0FB-7E59-2ACD-614F7FB5D5F2}" = ATI Catalyst Install Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01169717-5E26-9395-A544-DC9098896147}" = Catalyst Control Center InstallProxy
"{012005D4-E3EF-1B6C-AF73-5CD654F7C566}" = CCC Help Spanish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0712E505-7C49-F24B-C526-53D13B070397}" = Catalyst Control Center Graphics Previews Vista
"{077AFFE9-BC8B-7811-0EEF-632D31E49C87}" = Catalyst Control Center Graphics Full New
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B4F37D9-951B-B4C0-31FD-06304092DD70}" = CCC Help Norwegian
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{304FA186-DECC-9CC7-2FAE-0B67DB6FAE61}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{3619666A-CB7E-0D03-3DFB-3F83BAF0FB6B}" = CCC Help Turkish
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37DA1B85-CB86-E048-8DB8-44B893C8AEA1}" = Catalyst Control Center Localization All
"{3DD0F01F-98E4-6682-6272-DC51658035CA}" = Catalyst Control Center Graphics Light
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4F753D00-FC8E-4AB2-E9EC-91251BC44F60}" = CCC Help German
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{50026CD1-BDF2-29E1-10DF-9A414DFD90A8}" = CCC Help Polish
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FC56CFC-FBD8-7D5C-D16F-025F43F313B5}" = CCC Help Japanese
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{644EF892-C792-F4FE-7D3E-DDACDEE15ACA}" = CCC Help Russian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78665DD8-307F-B6B9-D0AA-BE9D9DCBACED}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B7A0C2B-89BF-9D93-65D5-CA10361C4A45}" = CCC Help English
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C5FF476-5B4B-E07F-3AD1-D035F19340A2}" = CCC Help Czech
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885E16CA-C33E-082A-2A72-DDD9F8C2C20E}" = CCC Help Chinese Traditional
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9118C696-FC94-435B-E4A3-77169E050F77}" = CCC Help Hungarian
"{91AAC9F5-0BF7-BD73-C00E-F907C00A1612}" = CCC Help Thai
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B75981A-E44C-8F1F-87FA-90AF19E0B543}" = CCC Help Korean
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A02D29FD-6961-5CED-B8AC-906DDDF4FD61}" = CCC Help Dutch
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{A8453E55-43B9-086C-8E81-05BDF7D685E8}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC7327AD-68B6-26B0-1C77-6178BD13C10B}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.146
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C614B5D2-2AE5-5026-350F-C893A2EF690C}" = Catalyst Control Center Graphics Full Existing
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E84BA5-FCDD-B150-1EC9-F003F04607EC}" = CCC Help Swedish
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6782EBE-7DEB-6DB6-2F36-1CF4F929541C}" = CCC Help Finnish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA71EE59-9DF8-E845-942E-1974E620D9AB}" = CCC Help Chinese Standard
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F64227CC-EF4C-1122-1A4B-0D7147D537F8}" = ccc-core-static
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8D915D4-0E11-6E92-C51B-88AEA671E9EF}" = Catalyst Control Center Core Implementation
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0813C1-1F93-0F76-08C2-DCE9D844928A}" = CCC Help Greek
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FB8E2BF6-5D1D-831E-1DD7-B2817A201FDF}" = CCC Help Danish
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP250 series Benutzerregistrierung" = Canon MP250 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Clarity recorder" = Clarity recorder
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.11" = Freecorder 5
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HappyFoto-Designer 4.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MarketingTools" = VAIO Marketing Tools
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Prism" = Prism Video File Converter
"Secunia PSI" = Secunia PSI
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"splashtop" = VAIO Quick Web Access
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinZipBar_DE Toolbar" = WinZipBar_DE Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2011 08:55:22 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 25.11.2011 08:55:23 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 25.11.2011 13:03:11 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 25.11.2011 13:03:11 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 27.11.2011 14:20:32 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 27.11.2011 14:20:33 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 29.11.2011 16:26:26 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 29.11.2011 16:26:27 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 30.11.2011 02:27:10 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 30.11.2011 02:27:11 | Computer Name = *****-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ Media Center Events ]
Error - 07.02.2011 16:16:30 | Computer Name = *****-VAIO | Source = MCUpdate | ID = 0
Description = 21:16:30 - Fehler beim Herstellen der Internetverbindung.  21:16:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.02.2011 16:17:04 | Computer Name = *****-VAIO | Source = MCUpdate | ID = 0
Description = 21:17:00 - Fehler beim Herstellen der Internetverbindung.  21:17:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 30.09.2012 16:08:44 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:20 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:20 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:20 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:44 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:44 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:13:44 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.09.2012 16:14:53 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 30.09.2012 16:15:28 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 30.09.2012 16:15:28 | Computer Name = *****-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
Die OTL-Datei:

Code:
ATTFilter
OTL logfile created on: 30.09.2012 22:26:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,84% Memory free
7,71 Gb Paging File | 5,64 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,13 Gb Total Space | 352,31 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
 
Computer Name: ******-VAIO | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.30 22:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2012.09.20 22:38:28 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012.08.16 12:24:15 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.08.08 09:26:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.07.21 13:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010.01.15 09:50:00 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.01 23:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 01:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.08.26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.30 22:22:23 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\Secunia\PSI\psires.dll
MOD - [2012.06.14 18:43:24 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.14 18:42:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 18:42:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.13 11:46:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 11:45:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 11:45:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 11:45:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 11:45:31 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.01.15 18:09:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009.12.24 22:06:05 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.20 22:38:29 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.01 12:05:12 | 004,710,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011.09.23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.25 20:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.15 17:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 17:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 17:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 17:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 17:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 20:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.07 16:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.02.17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.02.17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010.02.17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.08.08 12:10:24 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/webhp?sourceid=toolbar-instant&hl=de&ion=1&qscrl=1&nord=1&rlz=1T4SVEC_deAT375AT376
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9CB2C7E9-64F3-408A-BBCE-B97A275E00A1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=38cc6d530000000000002a8158fedbf5
IE - HKCU\..\SearchScopes\{3545ADCC-40E8-49AD-80F7-25D963976327}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{4EE961B6-15E6-4A55-9807-C4577D4D2968}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deAT375
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9CB2C7E9-64F3-408A-BBCE-B97A275E00A1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=a3f3ce6c-a261-4ad7-b8c4-6f4d63d9daea&apn_sauid=52B62D51-FFA2-40A9-A3A6-3C7DED09A661
IE - HKCU\..\SearchScopes\{BBA6521F-BE44-4342-A5B3-5AEEDE491DD0}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2010.10.31 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2010.10.31 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\{SbX-990005-9783706839228-tea10}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\******\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\******\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (WinZipBar_DE Toolbar) - {f3f5241a-c2c5-42d2-b6a1-2709209bbbac} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar_DE Toolbar) - {F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} - C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: NameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\Shell - "" = AutoRun
O33 - MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\Shell - "" = AutoRun
O33 - MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\Shell - "" = AutoRun
O33 - MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.30 22:25:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.09.30 12:07:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{22B9B3C6-88FE-4DDA-8F9A-78910B663DE1}
[2012.09.27 20:59:54 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{217CBC77-318B-4380-969F-80CBDACC7879}
[2012.09.25 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{6CCECC59-CDAC-4CCF-89D8-8F7E4B6588F4}
[2012.09.24 22:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.24 15:48:56 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{6BB2233D-F8E6-45CF-B357-A4F8B58A4C78}
[2012.09.22 12:00:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{1C146F6D-C8D4-4BB8-938B-D85D8DA8266F}
[2012.09.21 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{5CB624DD-412E-4A14-AF9B-599BAE3FEC00}
[2012.09.20 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{07936B03-B20F-4F91-9508-0D3C31AAF350}
[2012.09.19 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{3F2841E3-27D0-4F9F-8336-ACFD7940ACA9}
[2012.09.18 18:31:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{BD420D61-B371-4AAE-8F51-437027A6A74C}
[2012.09.17 13:00:04 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{0CE6200C-BF12-49CB-93CF-4A73D2A6FCFE}
[2012.09.15 09:58:52 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{FC437DFE-9BC7-4EA5-B136-37BF9CDFF353}
[2012.09.13 23:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 23:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.13 21:03:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{E37300B1-1662-4AC9-A2F8-9AD1B9B7C828}
[2012.09.12 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{50F87D12-45E4-4011-A2D1-8C6D64912F32}
[2012.09.08 10:29:49 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{6A601669-4635-4367-A416-E6794817414E}
[2012.09.07 16:25:42 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{AB4446CF-E0B6-453D-8869-278BBFDACF28}
[2012.09.05 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{6ED54720-B4EC-4D62-85F6-33A9CD8E1FA5}
[2012.09.04 18:17:06 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{794CC758-9AAA-48AF-B47D-A7E19D60E4A8}
[2012.09.01 11:38:26 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\{32B5EFC4-9BC7-4B60-A9AD-BD5D5A7C78AC}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.30 22:30:10 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 22:30:10 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 22:26:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.09.30 22:20:24 | 000,000,000 | ---- | M] () -- C:\Users\******\defogger_reenable
[2012.09.30 22:19:30 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2012.09.30 22:14:52 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.30 22:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 22:14:31 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.30 22:05:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.30 21:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.24 22:34:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 22:25:01 | 000,000,045 | ---- | M] () -- C:\Users\******\AppData\Roaming\msconfig.ini
[2012.09.16 19:09:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 19:09:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 19:09:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 19:09:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 19:09:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.13 23:16:12 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.30 22:20:24 | 000,000,000 | ---- | C] () -- C:\Users\******\defogger_reenable
[2012.09.30 22:19:29 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2012.09.24 17:30:54 | 000,000,045 | ---- | C] () -- C:\Users\******\AppData\Roaming\msconfig.ini
[2011.11.06 18:53:47 | 000,004,096 | -H-- | C] () -- C:\Users\******\AppData\Local\keyfile3.drm
[2011.06.05 16:25:01 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{88DF361E-C42E-48DF-9C75-6D2A209912E6}
[2011.05.31 17:15:12 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{55D08540-C8C0-40D3-B175-4D7EAEB38330}
[2011.05.28 18:37:22 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{100A44E7-D423-4099-97EA-6F75500B91A2}
[2011.05.06 22:29:50 | 000,000,000 | ---- | C] () -- C:\Users\******\AppData\Local\{7E4088BF-69C0-42D7-BD42-DB7CF13F0C18}
[2011.02.04 23:00:39 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2010.12.28 15:57:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 11:50:36 | 000,288,606 | ---- | C] () -- C:\Users\******\AppData\Roaming\mdbu.bin
[2010.04.08 11:46:26 | 000,000,118 | ---- | C] () -- C:\Users\******\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.04.06 09:28:24 | 000,000,000 | -HSD | M] -- C:\Users\******\AppData\Roaming\.#
[2011.01.24 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Auslogics
[2012.05.04 23:55:35 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Babylon
[2011.07.20 11:31:51 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canon
[2012.06.26 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Complitly
[2010.10.30 14:49:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo
[2010.10.31 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Manz
[2010.04.07 22:11:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mquadr.at
[2011.06.06 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Template
[2011.02.11 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\VDownloader
[2012.01.30 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Weaverslave
[2011.02.07 22:38:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
Das ist die Malewarebytes-Quickscan-Suche:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-VAIO [Administrator]

24.09.2012 22:35:13
mbam-log-2012-09-24 (22-35-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213269
Laufzeit: 7 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Daten: explorer.exe,C:\Users\****\AppData\Roaming\msconfig.dat -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\****\AppData\Roaming\msconfig.dat (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\AppData\Local\Temp\lslwznby5zkh6yhc.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Das die Malewarebytes-Vollscan-Suche:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-VAIO [Administrator]

30.09.2012 18:12:09
mbam-log-2012-09-30 (18-12-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414388
Laufzeit: 1 Stunde(n), 43 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 02.10.2012, 21:34   #4
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Und dann hab ich die Schritte befolgt, die du mir in deinem Eintrag geschrieben hast. Hier die Logdateien:

Zu Schritt 1:

Code:
ATTFilter
-----------  4/05/12 - running v9.0.4.29 on ****-VAIO (user:****)  -----------
  Windows Path: C:\Windows
23:55:35 (Setup)-Command line: "C:\Users\****\AppData\Local\Temp\F547BDD1-BAB0-7891-93F9-247941C221E9\Setup.exe"   /mhp  /mds  /babTrack="affID=110819" /instlref=sst /srcExt=ss /babExt=babExt /rvrt  /aflt=babsst /mnt /S /tbGen="/tlbrid=tb9".
23:55:35 (Client)-LM file is C:\ProgramData\Babylon\BabAll.dat.
23:55:35 (Client)-LM imported to file.
23:55:35 (Client)-LM file access denied.
23:55:36 (Setup)-Setup start, installing version .
23:55:37 (Setup)-SourceDir: C:\Users\****\AppData\Local\Temp\F547BDD1-BAB0-7891-93F9-247941C221E9\.
23:55:37 (Setup)-InstallDir: C:\Program Files (x86)\Babylon\Babylon-Pro\.
23:55:37 (Setup)-ImportInstallDir: 0.
23:55:37 (Setup)-SilentInstall: 1.
23:55:37 (Setup)-ExecuteBabylon: 1.
23:55:37 (Setup)-NeedToImport: 0.
23:55:37 (Setup)-MinRequirements: 0.
23:55:37 (Setup)-IsUpgrade: 0.
23:55:37 (Setup)-TBInstallState: 4.
23:55:37 (Setup)-SetupType: 50.
23:55:37 (Setup)-SetupFlags: 2.
23:55:37 (Setup)-PrevVersion: 0.
23:55:37 (Setup)-TBInstall: 1.
23:55:37 (Setup)-Report: hxxp://info.babylon.com/stat/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.0.4.29&affilID=110819&guid={B381021C-7BBA-4A1F-8486-BD029F85B937}&mntrId=38cc6d530000000000002a8158fedbf5&iev=9&ffv=0&crv=3&dwb=ie&sutp=50&sufl=2&dnld=0&dcnt=0&dtot=0&tbp=0&prver=0&impdir=0&impt=0&exc=1&minreq=0&wvr=601&avr=QW50aVZpciBEZXNrdG9w&tbtp=def&tbinst=1&w64=1&cntry=AT&osp=hp0:687068878;dsp0:927461885;hp1:0;dsp1:0;hp2:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0.
23:55:41 (Setup)-File 1 (Setup-latest-30b.zpb) out of 2: errCode - 0, complete - 100, opt - 0, latest - 1, required - 0.

-----------  4/05/12 - running v9.0.4.30 on ****-VAIO (user:****)  -----------
  Windows Path: C:\Windows
23:55:42 (Setup)-Command line: C:\Users\****\AppData\Local\Temp\F547BDD1-BAB0-7891-93F9-247941C221E9\Latest\Setup.exe /mhp /mds /babTrack=affID=110819 /instlref=sst /srcExt=ss /babExt=babExt /rvrt /aflt=babsst /mnt /S /tbGen=/tlbrid=tb9 -latest.
23:55:42 (Client)-LM file is C:\ProgramData\Babylon\BabAll.dat.
23:55:42 (Client)-LM imported to file.
23:55:42 (Client)-LM file access denied.
23:55:42 (Setup)-Setup start, installing version .
23:55:42 (Setup)-SourceDir: C:\Users\****\AppData\Local\Temp\F547BDD1-BAB0-7891-93F9-247941C221E9\Latest\.
23:55:42 (Setup)-InstallDir: C:\Program Files (x86)\Babylon\Babylon-Pro\.
23:55:42 (Setup)-ImportInstallDir: 0.
23:55:42 (Setup)-SilentInstall: 1.
23:55:42 (Setup)-ExecuteBabylon: 1.
23:55:42 (Setup)-NeedToImport: 0.
23:55:42 (Setup)-MinRequirements: 0.
23:55:42 (Setup)-IsUpgrade: 0.
23:55:42 (Setup)-TBInstallState: 4.
23:55:42 (Setup)-SetupType: 50.
23:55:42 (Setup)-SetupFlags: a.
23:55:42 (Setup)-PrevVersion: 0.
23:55:42 (Setup)-TBInstall: 1.
23:55:42 (Setup)-Report: hxxp://info.babylon.com/stat/report.php?no_policy=1&lang=0&source=setup-start&stage=0&ver=9.0.4.30&affilID=110819&guid={94578D93-66DA-4A89-BDE7-86188EF9A1C2}&mntrId=38cc6d530000000000002a8158fedbf5&iev=9&ffv=0&crv=3&dwb=ie&sutp=50&sufl=10&dnld=0&dcnt=0&dtot=0&tbp=0&prver=0&impdir=0&impt=0&exc=1&minreq=0&wvr=601&avr=QW50aVZpciBEZXNrdG9w&tbtp=def&tbinst=1&w64=1&cntry=AT&osp=hp0:687068878;dsp0:927461885;hp1:0;dsp1:0;hp2:927461885;dsp2:0;&dnt=2.0,3.0,3.5,4.0.
23:55:43 (Setup)-Setup HP: hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=38cc6d530000000000002a8158fedbf5.
23:55:43 (Setup)-Current HP (0): hxxp://www.google.at/.
23:55:43 (Setup)-Setup DSP: Search the web (Babylon).
23:55:43 (Setup)-Current DSP (0): Google.
23:55:43 (Setup)-Current DSP id (0): {4EE961B6-15E6-4A55-9807-C4577D4D2968}.
23:55:43 (Setup)-Search properties were set - hp: 1, dsp: 1, (0x3).
23:55:43 (Setup)-DomainUrl: hxxp://search.babylon.com.
23:55:43 (Setup)-HomePageUrl: hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=38cc6d530000000000002a8158fedbf5.
23:55:43 (Setup)-DefSearchName: Search the web (Babylon).
23:55:43 (Setup)-SearchProviderUrl: hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=38cc6d530000000000002a8158fedbf5.
23:55:43 (Setup)-ToolbarUrl: hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=TB_ss&mntrId=38cc6d530000000000002a8158fedbf5.
23:55:43 (Setup)-NewTabUrl: hxxp://search.babylon.com/?affID=110819&babsrc=NT_ss&mntrId=38cc6d530000000000002a8158fedbf5.
23:55:48 (Setup)-File 1 (Setup-tbmntr903.zpb) out of 1: errCode - 0, complete - 100, opt - 0, latest - 0, required - 0.
23:55:48 (Setup)-ExitInstallation 90.
23:55:48 (Setup)-exit message loop.
23:55:48 (Setup)-Toolbar installation command: (C:\Users\****\AppData\Local\Temp\F547BDD1-BAB0-7891-93F9-247941C221E9\Latest\MyBabylonTB.exe /lng=en   /babTrack="affID=110819" /instlRef=sst /aflt=babsst /srcExt=ss /tlbrid=tb9).
23:55:54 (Setup)-ExitOnError: 90.
23:55:55 (Setup)-Report: hxxp://info.babylon.com/stat/report.php?no_policy=1&lang=0&source=setup-end&stage=90&ver=9.0.4.30&affilID=110819&guid={94578D93-66DA-4A89-BDE7-86188EF9A1C2}&mntrId=38cc6d530000000000002a8158fedbf5&iev=9&ffv=0&crv=3&dwb=ie&sutp=50&sufl=10&dnld=100&dcnt=1&dtot=1&tbp=0&prver=0&impdir=0&impt=0&exc=1&minreq=0&wvr=601&avr=QW50aVZpciBEZXNrdG9w&tbtp=none&tbinst=1&w64=1&cntry=AT&osp=hp0:687068878;dsp0:927461885;hp1:0;dsp1:0;hp2:927461885;dsp2:0;&dnt=2.0,3.0,3.5,4.0&spbi=&IE2_sdsps&IE1_shps&hp=1&dsp=1&tb=1&hpx=1&dspx=1&tbx=1&dtct=-1145341807&excd=7.
23:55:55 (Setup)-Setup end.
23:55:55 (Setup)-ExitInstallation 91.
23:55:55 (Setup)-exit message loop.
23:55:55 (Setup)-ExitOnError: 91.
23:55:56 (Setup)-Report: hxxp://info.babylon.com/stat/report.php?no_policy=1&lang=0&source=setup-end&stage=91&ver=9.0.4.29&affilID=110819&guid={B381021C-7BBA-4A1F-8486-BD029F85B937}&mntrId=38cc6d530000000000002a8158fedbf5&iev=9&ffv=0&crv=3&dwb=ie&sutp=50&sufl=2&dnld=100&dcnt=1&dtot=2&tbp=0&prver=0&impdir=0&impt=0&exc=1&minreq=0&wvr=601&avr=QW50aVZpciBEZXNrdG9w&tbtp=def&tbinst=1&w64=1&cntry=AT&osp=hp0:687068878;dsp0:927461885;hp1:0;dsp1:0;hp2:0;dsp2:0;&dnt=2.0,3.0,3.5,4.0&hp=1&dsp=1&tb=1&hpx=0&dspx=0&tbx=0&dtct=-1145341807&excd=7.
23:55:56 (Setup)-Setup end.
         

Zu Schritt 2:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-VAIO [Administrator]

02.10.2012 18:28:31
mbam-log-2012-10-02 (18-28-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408719
Laufzeit: 1 Stunde(n), 45 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Zu Schritt 3:

Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/02/2012 um 20:32:10 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Public\Desktop\QuickStores.url
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Complitly
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Freecorder
Ordner Gefunden : C:\Program Files (x86)\softonic-de3
Ordner Gefunden : C:\Program Files (x86)\WinZipBar_DE
Ordner Gefunden : C:\ProgramData\~0
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\****\AppData\Local\APN
Ordner Gefunden : C:\Users\****\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\****\AppData\Local\Babylon
Ordner Gefunden : C:\Users\****\AppData\Local\Conduit
Ordner Gefunden : C:\Users\****\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\****\AppData\Local\Temp\BabylonToolbar
Ordner Gefunden : C:\Users\****\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\****\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\****\AppData\LocalLow\Freecorder
Ordner Gefunden : C:\Users\****\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\****\AppData\LocalLow\softonic-de3
Ordner Gefunden : C:\Users\****\AppData\LocalLow\WinZipBar_DE
Ordner Gefunden : C:\Users\****\AppData\Roaming\Complitly
Ordner Gefunden : C:\Windows\Freecorder
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Freecorder
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\WinZipBar_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask&Record
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Complitly
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3192727
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freecorder
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D621C6A0-CE5A-4FA5-9465-732C70649F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gefunden : HKLM\Software\softonic-de3
Schlüssel Gefunden : HKLM\Software\VDownloader\OpenCandy
Schlüssel Gefunden : HKLM\Software\WinZipBar_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D621C6A0-CE5A-4FA5-9465-732C70649F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48FDF963-F9C7-4764-9F39-7F0D616EB349}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B8336BF-BA18-41A4-A3E3-A02BA93169EF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9598E23C-B219-4FD4-9733-8BF8687D05E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E854F1-9507-4E5A-A75F-40E2C3BB16F6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E95253FA-4B91-4ED9-8DBF-22443FBC6A79}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-1580298607-1066305876-987676870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10709 octets] - [02/10/2012 20:32:10]

########## EOF - C:\AdwCleaner[R1].txt - [10770 octets] ##########
         

Und zu Schritt 4:

Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 10/02/2012 um 20:34:07 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\QuickStores.url
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Complitly
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Freecorder
Ordner Gelöscht : C:\Program Files (x86)\softonic-de3
Ordner Gelöscht : C:\Program Files (x86)\WinZipBar_DE
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\****\AppData\Local\APN
Ordner Gelöscht : C:\Users\****\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\****\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\****\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\****\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\Users\****\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\Freecorder
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\WinZipBar_DE
Ordner Gelöscht : C:\Users\****\AppData\Roaming\Complitly
Ordner Gelöscht : C:\Windows\Freecorder
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freecorder
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WinZipBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask&Record
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3192727
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freecorder
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D621C6A0-CE5A-4FA5-9465-732C70649F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Schlüssel Gelöscht : HKLM\Software\VDownloader\OpenCandy
Schlüssel Gelöscht : HKLM\Software\WinZipBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10CF7D17-150E-4B62-B0C3-D4BAC673D872}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D621C6A0-CE5A-4FA5-9465-732C70649F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8C3D1A4-3EA1-4426-9EE4-345CBF638159}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48FDF963-F9C7-4764-9F39-7F0D616EB349}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B8336BF-BA18-41A4-A3E3-A02BA93169EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9598E23C-B219-4FD4-9733-8BF8687D05E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4E854F1-9507-4E5A-A75F-40E2C3BB16F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E95253FA-4B91-4ED9-8DBF-22443FBC6A79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10822 octets] - [02/10/2012 20:32:10]
AdwCleaner[S1].txt - [11274 octets] - [02/10/2012 20:34:07]

########## EOF - C:\AdwCleaner[S1].txt - [11335 octets] ##########
         

Ich hoffe, alle Schritte richtig gemacht zu haben!
Danke schon im Voraus für die Rückmeldung!

Alt 02.10.2012, 23:21   #5
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Was soll das sein?

Schritt 1 richtig ausfuehren!!

__________________
Mfg, t'john
Das TB unterstützen

Alt 03.10.2012, 20:43   #6
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Ok - ich habs nochmal genau nach Anleitung gemacht:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}\ not found.
File C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}\ not found.
File C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3545ADCC-40E8-49AD-80F7-25D963976327}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3545ADCC-40E8-49AD-80F7-25D963976327}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EE961B6-15E6-4A55-9807-C4577D4D2968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EE961B6-15E6-4A55-9807-C4577D4D2968}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB2C7E9-64F3-408A-BBCE-B97A275E00A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB2C7E9-64F3-408A-BBCE-B97A275E00A1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BBA6521F-BE44-4342-A5B3-5AEEDE491DD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBA6521F-BE44-4342-A5B3-5AEEDE491DD0}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}\ not found.
File C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f5241a-c2c5-42d2-b6a1-2709209bbbac}\ not found.
File C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F3F5241A-C2C5-42D2-B6A1-2709209BBBAC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3F5241A-C2C5-42D2-B6A1-2709209BBBAC}\ not found.
File C:\Program Files (x86)\WinZipBar_DE\prxtbWinZ.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28306d52-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28306d52-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28306d52-abfe-11e0-95c5-0024bec406f2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28306d59-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28306d59-abfe-11e0-95c5-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28306d59-abfe-11e0-95c5-0024bec406f2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99e585eb-427f-11df-9477-0024bec406f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99e585eb-427f-11df-9477-0024bec406f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99e585eb-427f-11df-9477-0024bec406f2}\ not found.
File G:\Autorun.exe not found.
Folder C:\Users\****\AppData\Roaming\.#\ not found.
Folder C:\Users\****\AppData\Roaming\Babylon\ not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\****\*.tmp not found.
C:\Users\****\AppData\Local\{4D494EA9-E407-4F48-9355-E0DB1093C0AD} folder moved successfully.
File\Folder C:\Users\****\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ****
->Temp folder emptied: 199423427 bytes
->Temporary Internet Files folder emptied: 16418101451 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1090960638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 596595 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 14633418333 bytes
 
Total Files Cleaned = 30.844,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10032012_203032

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\****\AppData\Local\Temp\~DF27C7EFD2CAFC866E.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DF393E7F54D3F0F25B.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DF80BEA2E684731E47.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DF93F666F8F687BF90.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DF9CB94D7E35399079.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFB15325DE5E562526.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFC326B354CDA5C6AA.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFC765A3C4881174CB.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFCABF4FE3CEC1AEA5.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFEA4AD2D09043A825.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFEAE8F83E98DD2525.TMP not found!
File\Folder C:\Users\****\AppData\Local\Temp\~DFF3F37B14910422BA.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 04.10.2012, 17:58   #7
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Wo ist das Fix Log vom ersten durchlauf?
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.10.2012, 21:10   #8
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Der erste Durchlauf hat offensichtlich nicht geklappt, den das Fix Log des ersten Durchlaufs ist das, auf was du die Frage gestellt hast, was das sein soll!

LG aero

Alt 05.10.2012, 23:15   #9
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Zitat:
das Fix Log des ersten Durchlaufs ist das, auf was du die Frage gestellt hast, was das sein soll!
das ist alles andere als ein OTL-Fix Log, wo auch immer du das her hast.


Wie laeuft der Rechner?


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.10.2012, 22:42   #10
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



ich habs hier eingesehen: C:\_OTL\MovedFiles\<datum_nummer.log - wie du gesagt hat und da raus kopiert - aber ich denke der erste durchlauf hat einfach nicht funktioniert - warum auch immer - installationsprobleme oder ähnliches - keine ahnung!

der rechner läuft soweit normal!
es ist mir nichts außergewöhnliches aufgefallen!

hier das gewünschte logfile mit der emsisoft-anti-maleware erstellt:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 09.10.2012 20:26:57

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	09.10.2012 20:28:17


Gescannt	492808
Gefunden	0

Scan Ende:	09.10.2012 21:51:43
Scan Zeit:	1:23:26
         
danke und lg

Alt 09.10.2012, 23:45   #11
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 11.10.2012, 17:24   #12
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot




Ich hoffe, es hat auch mit diesem Logfile geklappt.

Hab diesesmal auch wieder alles nach deiner Anleitung befolgt. Allerdings kam nachdem ich Finish geklickt und das Fenster geschlossen hatte die Meldung, dass das Programm nicht richtig installiert wurde.
Es hat jedoch alles deiner Anleitung nach richtig funktioniert??!!
Jedenfalls hier das Log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aecdf14b9c0ec542a1aa545f5c353b4e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-10 10:35:39
# local_time=2012-10-11 12:35:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 697316 697316 0 0
# compatibility_mode=5893 16776574 100 94 11322816 101531093 0 0
# compatibility_mode=8192 67108863 100 0 207 207 0 0
# scanned=203735
# found=2
# cleaned=2
# scan_time=7296
C:\Users\****\Downloads\SoftonicDownloader_fuer_xrecode-ii.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\10022012_181057\C_Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\65cadb60-757e09d4	Java/Exploit.CVE-2012-1723.CK trojan (deleted - quarantined)	00000000000000000000000000000000	C
         
Soll ich Eset nochmal neu installieren und den Vorgang wiederholen?

Alt 11.10.2012, 19:01   #13
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Ne, ist alles richtig.

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 12.10.2012, 17:55   #14
aero
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Ok - hab die Anleitung befolgt und Java aktualisiert - die alten Java-Programme deinstalliert und Rechner neu gestartet.

1. PluginCheck:
Internet Explorer 9.0 ist aktuell
Flash (11,4,402,287) ist aktuell.
Java (1,7,0,7) ist aktuell.
Adobe Reader 10,1,0,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3


Danach bin ich deinem Link "Java deaktivieren" gefolgt und da auf dieser Seite ja steht, dass "wer den Internet Expoplorer einsetzt, sollte Java daher besser vollständig über Systemsteuerung/Software deinstallieren, da das reine Deaktivieren des Plug-ins keine Wirkung hatte", hab ich Java wieder deinstalliert.

Hier das Ergebnis des 2. PluginChecks:

Internet Explorer 9.0 ist aktuell
Flash (11,4,402,287) ist aktuell.
Java ist nicht installiert oder nicht aktiviert.
Adobe Reader 10,1,0,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 10,1,3

Ich nehme an den Adobe Reader zu aktualisieren ist empfehlenswert.
Was ich nicht verstehe ist, dass bei den Installationen immer gefragt wird, ob man automatische Updates eben wegen Sicherheitslücken haben will, und dann hat man doch wieder veraltete Version von Java oder Adobe auf dem Rechner.
Und was ist jetzt mit Java? Wird das nicht mehr benötigt oder wie? Sorry - versteh grad nur Bahnhof!

Alt 13.10.2012, 00:42   #15
t'john
/// Helfer-Team
 
Bundeskriminalamt Trojan.Zbot - Standard

Bundeskriminalamt Trojan.Zbot



Zitat:
Und was ist jetzt mit Java? Wird das nicht mehr benötigt oder wie? Sorry - versteh grad nur Bahnhof!
wo brauchst du es denn?


Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Bundeskriminalamt Trojan.Zbot
anleitung, bildschirm, bundeskriminalamt, dateien, ebenfalls, eingefroren, eintrag, feedback, fenster, funktioniert, gelöscht, hallo zusammen, interne, laptop, layout, nicht sicher, nochmals, plötzlich, quarantäne, rechner, sauber, schädlinge, surfen, taskmanager, verlangt, wirklich, zusammen



Ähnliche Themen: Bundeskriminalamt Trojan.Zbot


  1. WIN 8: Trojan.Zbot aus Spam-Mail
    Log-Analyse und Auswertung - 21.04.2014 (3)
  2. Trojan-Ransom.Win32.Blocker.cbsn & Trojan-Spy.Win.32.Zbot.nsur eingefangen -.-
    Plagegeister aller Art und deren Bekämpfung - 12.04.2014 (23)
  3. Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (23)
  4. Onlinebanking Attacke...Trojan.Zbot.FV
    Plagegeister aller Art und deren Bekämpfung - 06.06.2013 (13)
  5. Trojan Agent, Trojan Zbot und pup.blabbers
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (10)
  6. Trojan.Agent.IET / IPH.Trojan.Zbot.Rke / 100er Tan Abfrage OnlineBanking Deutsche Bank
    Log-Analyse und Auswertung - 27.03.2013 (10)
  7. PWS:Win32/Zbot malware : Trojan.Phex.TGen (File) und Trojan.Agent.IET (Registry Value und File)
    Log-Analyse und Auswertung - 16.01.2013 (15)
  8. Trojan.Ransom.FGen - Bundeskriminalamt - Ukash 100€
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (6)
  9. Frage zu Trojan. Zbot
    Diskussionsforum - 02.11.2012 (1)
  10. TR/Trash.Gen - Trojan.Zbot.CBC.Gen
    Log-Analyse und Auswertung - 04.08.2012 (1)
  11. PUP.OfferBundler.ST; Trojan.FakeTwain; Trojan.Zbot.Gen
    Log-Analyse und Auswertung - 22.05.2012 (5)
  12. Trojan.Zbot mit Malwarebytes gefunden
    Log-Analyse und Auswertung - 02.06.2011 (1)
  13. Spyware.Zbot/Trojan Downloader/Trojan.Hiloti Viren Problem!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2010 (3)
  14. Probleme trotz beseitigung von trojan.Zbot und Trojan.Downloader, OTL Logfile, MalwareByte Logfile!
    Plagegeister aller Art und deren Bekämpfung - 28.07.2010 (10)
  15. Trojan.Zbot/Hiloti auf dem rechner
    Plagegeister aller Art und deren Bekämpfung - 04.07.2010 (8)
  16. Trojan-Spy.Win32.Zbot
    Log-Analyse und Auswertung - 24.01.2010 (1)
  17. Trojan-spy.Win32.Zbot.edu
    Plagegeister aller Art und deren Bekämpfung - 13.01.2009 (1)

Zum Thema Bundeskriminalamt Trojan.Zbot - Hallo zusammen! Ich erstelle zum ersten Mal einen Eintrag auf so einer Plattform und bin daher noch ein echter Frischling. Wende mich an euch, da ich nach meinen Internet-Recherchen sicher - Bundeskriminalamt Trojan.Zbot...
Archiv
Du betrachtest: Bundeskriminalamt Trojan.Zbot auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.