Pests of all kinds and how to fight them: Bundestrojaner, but with a webcam window (Windows 7) |
12.07.2012, 08:21 | #1 |
| Bundestrojaner, but with a webcam window

I have also caught a trojan (I think it is the Bundestrojaner, since there is a demand for payment, etc.) and cannot get rid of it. It looks slightly modified, though: it has a webcam window in the top right. It only appears and locks the computer when I am connected to the Internet, and it also switches the webcam on immediately. Otherwise my computer runs, except for the Task Manager. An F-Secure full scan found nothing... Now I am getting desperate, among other things because I am in the middle of exam season, I cannot get online, and I do not want to lose my data either.... Help!!! What can/should I do? Thank you very, very much in advance!!! Eva |
13.07.2012, 12:39 | #2 |
/// Helper Team | Bundestrojaner, but with a webcam window

Step 1
New version! Please download it again! Please run a full scan with Malwarebytes Anti-Malware and post the log.

Step 2
System scan with OTL (illustrated guide)
__________________ |
15.07.2012, 16:16 | #3 |
| Bundestrojaner, but with a webcam window

Thank you very much - here are the log files:
__________________
1) Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
eva :: EVA-VAIO [Administrator]

15.07.2012 13:34:17
mbam-log-2012-07-15 (16-26-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 672275
Laufzeit: 2 Stunde(n), 34 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\Users\eva\Desktop\keygen.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\Codec-C (1).exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\Codec-C.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\death_cab_for_cutie__codes_and_keys.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\DownloadSetup (50).exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\eva\Documents\Downloads\SoftonicDownloader_fuer_skype-voice-changer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\Downloads\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\Downloads\SoftonicDownloader_fuer_gpl-mpeg-1-2-directshow-decoder-filter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

2) OTL.Txt file:
Code:
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure 
Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A8880E9-E472-48C3-A214-9ED99D85C5A0}: DhcpNameServer = 192.168.10.2 192.168.110.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 94.125.79.244 94.125.78.66 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - 
No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell - "" = AutoRun O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell - "" = AutoRun O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell - "" = AutoRun O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.15 13:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.15 13:33:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.15 12:11:25 | 007,870,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\eva\Desktop\mbam-rules.exe [2012.07.15 12:00:19 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\Malwarebytes' Anti-Malware [2012.07.15 12:00:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\eva\Desktop\OTL.exe [2012.07.15 11:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.15 11:40:34 | 000,000,000 | ---D | C] -- 
C:\Users\eva\AppData\Roaming\Malwarebytes [2012.07.15 11:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.12 03:51:24 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.07.12 03:08:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 03:08:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 03:07:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 03:07:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 03:07:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 03:07:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 03:07:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 03:07:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 03:07:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 03:07:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 03:07:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 03:07:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.12 03:07:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 10:48:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.09 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\__MACOSX [2012.06.28 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\eva\Desktop\biorb [2012.06.25 13:14:37 | 000,000,000 | ---D | C] -- C:\Adobe Dreamweaver CS6 [2012.06.25 13:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant 
[2012.06.21 18:34:23 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.21 18:34:23 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.21 18:34:23 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.21 18:33:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.21 18:33:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.21 18:33:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.21 18:31:47 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.21 18:31:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2 C:\Users\eva\Desktop\*.tmp files -> C:\Users\eva\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.15 16:28:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.15 16:28:17 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2012.07.15 13:33:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.15 13:24:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 13:18:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.15 13:01:35 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.15 11:55:27 | 001,520,490 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012.07.15 11:55:27 | 000,661,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.15 11:55:27 | 000,623,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.15 11:55:27 | 000,133,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.15 11:55:27 | 000,109,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.15 11:42:54 | 007,870,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\eva\Desktop\mbam-rules.exe [2012.07.15 11:34:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\eva\Desktop\OTL.exe [2012.07.12 03:56:04 | 005,102,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.06 10:41:56 | 000,001,456 | ---- | M] () -- C:\Users\eva\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.22 12:23:29 | 000,000,132 | ---- | M] () -- C:\Users\eva\AppData\Roaming\Adobe BMP Format CS5 Prefs [2 C:\Users\eva\Desktop\*.tmp files -> C:\Users\eva\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.15 13:33:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.12 00:08:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.06.29 12:39:54 | 000,001,456 | ---- | C] () -- C:\Users\eva\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.06.25 14:17:58 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2012.06.25 14:11:51 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.06.25 14:11:43 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.06.25 
14:11:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.06.25 14:09:41 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2012.06.22 12:23:29 | 000,000,132 | ---- | C] () -- C:\Users\eva\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.05.16 20:33:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.05.16 20:33:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.04.05 12:06:58 | 000,003,584 | ---- | C] () -- C:\Users\eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.24 19:25:07 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{E60D1F82-78B7-486D-8702-E9D633483BF5} [2011.10.31 23:04:53 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{A1B1F6D0-DC75-4122-B05F-09AFE28D6899} [2011.09.28 22:45:58 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{2292191B-5F2D-4B10-8812-DF1E528C97F6} [2011.09.19 09:51:17 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{249B1F60-01C0-421C-AEED-32D0F184DDD7} [2011.07.27 23:48:13 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{EE895F63-69EA-4E13-BF72-06499F7BE953} [2011.07.05 12:16:30 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{178B0BBF-14C1-40C9-BF18-9C9BF1108783} [2011.07.05 11:56:52 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{E6118442-0E2C-47AC-9031-DDF8BE7C6914} [2011.06.11 15:56:48 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{0C6C207E-8325-4E0F-85FB-43781B590A4A} [2011.05.24 14:38:44 | 000,000,000 | ---- | C] () -- C:\Users\eva\AppData\Local\{3FCB5734-79F6-4372-9364-9B086E682027} [2011.03.22 13:26:20 | 000,000,176 | ---- | C] () -- C:\Users\eva\.bouml [2011.03.22 13:25:36 | 000,000,063 | ---- | C] () -- C:\Users\eva\.boumlrc [2010.09.30 16:29:22 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010.09.30 16:28:31 | 001,543,394 | ---- | C] 
() -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.28 23:17:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2011.05.06 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Auslogics [2010.07.10 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.05.04 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.04.03 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DAEMON Tools Lite [2012.07.15 13:24:30 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Dropbox [2011.12.11 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DVDVideoSoft [2011.08.28 13:34:13 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.05 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\elsterformular [2010.06.20 13:58:39 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\EPSON [2010.09.21 13:55:38 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\GHISLER [2010.11.12 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\MySQL [2012.06.06 12:32:21 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\PACE Anti-Piracy [2011.09.28 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Simfy [2012.07.15 13:05:22 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Spotify [2010.11.14 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.06.24 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\TeamViewer [2010.05.12 16:16:36 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\UBitMenu [2011.12.24 19:23:18 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream 
- 1055 bytes -> C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ
@Alternate Data Stream - 1043 bytes -> C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ

< End of report >

Code:
OTL Extras logfile created on: 15.07.2012 16:31:54 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\eva\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 72,74% Memory free
7,71 Gb Paging File | 6,70 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,16 Gb Total Space | 41,51 Gb Free Space | 9,12% Space Free | Partition Type: NTFS

Computer Name: EVA-VAIO | User Name: eva | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D41179-CEFD-479F-B980-A7B399D3F12C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03E78000-FBB2-43E7-885D-2D7F043FF928}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18ACB001-60E5-45C9-9D15-973E8F6ACFF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{192F28E1-F8E2-4115-A5D2-8A9620012330}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19AF5AF3-CEC1-49EA-B514-3EDC5A044E60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2AAE1A98-606E-43EF-A6EA-7E5712CBEC28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3FB7C261-1FA8-401F-B59C-2A8B737BCF90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43326E26-79EE-4709-A1C5-8F62283F46E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{451559B5-583A-4DE2-8297-1DBEBE9D5032}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F47D7BB-3A61-4983-97F7-3EC71A0D690C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{573A088D-C3E2-412D-8B5F-440C442A0C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59237D38-DDAE-493A-AA52-4E4A93094E37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DE3BF84-C5E4-4ACA-B70E-65C51FF22717}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BF781F2-2155-4375-BA42-9A574319A0DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6CDADA40-296B-47F6-9CE6-3AA2AC1130A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{6FE53945-4FD1-4B02-A32F-874F129240C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{88AFE5D0-DF17-4792-BDF3-40B6BA2B0F24}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A63398C-7358-48ED-BA5D-E4DB0060052E}" = lport=139 | protocol=6 | dir=in | app=system |
"{9DEDC8F1-1653-4474-883C-D4E982A8E137}" = rport=139 | protocol=6 | dir=out | app=system |
"{ADE3267F-6CC6-46A9-B60E-81EBE5A183F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B63F3DCE-A57F-4BBB-BCC4-010673045F41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF35F3A4-1534-4662-AF7D-5851B46D7783}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D53C1658-5922-4271-9987-769F146A0993}" = lport=137 | protocol=17 | dir=in | app=system |
"{DDD79864-67E1-497C-93D8-BBFBF518EA44}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E18FB7C2-C668-4C2E-ACD8-B24976D05278}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F3E6577A-4603-4EC9-B502-4CE0E37CD16E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00819582-C0AD-4476-AD8D-8812C15901DB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{08847A60-3C16-4E1A-B9E0-ABEA0A439AB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0990D90D-2929-41DE-9814-6314D81031A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{166EFC73-4BD4-4A6B-AA9F-E2D04F07F103}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18F8F084-DEAC-4FFC-B1A0-E2984EF893CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E9C89DE-CAD5-466E-B88E-3C5BD2805EE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22E3141A-B334-430F-97EA-4EF637D62838}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{230C255A-C995-4A0C-8071-FCBA98CDEE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{265CFB88-164F-48FE-A8DE-6A0F78C00360}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2DA73D12-ADCD-4197-826B-9D9C967F2219}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2F6E0BCF-B28C-4403-BE2D-372759FDD4B6}" = protocol=17 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe |
"{52211A61-DFC9-46B1-BE50-71E0D49D757A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52DF8F02-11D9-46EA-BFB9-2BA13681E4F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{603CBE8A-56E3-415A-8766-C97AC5A183EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6695A057-5DDC-4AD0-922E-8B8A9960D76A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{69ECCE45-16F6-41BD-9267-AA3CFD5E077B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A715DBE-D41C-4769-9D80-794747FE2A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6C35F3DA-F7DC-436A-8D7B-008E4A4484E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70241B9A-829A-4C10-8D86-4B21632CDB6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7206A51E-BF5D-45AD-AC68-C3E266C83066}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76AA6000-0B3E-4554-A837-5EEFD5213E00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7EE81958-852B-421A-94FC-ACBEF0CD5C83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{865CAE9B-077A-4318-A9A0-CF68E90AF585}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{962DF7FF-3B5F-43DD-AF61-8EB131B62CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A1F7D60B-69C6-44BF-A8CE-862E80B41F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AE04B55B-E263-456D-BC74-0C6DA0E4DF9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0CF2608-1B54-4046-B5DB-EF80FEDE42E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4448785-4ADF-4CB9-8DB9-769D4AE1AAE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4B12BBE-82FA-44E6-96B0-E94D2905EAFF}" = protocol=6 | dir=out | app=system |
"{B51308E8-2710-433F-B0B8-857190DB5469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B83559C5-DFFE-4637-89E3-D2B30CCE3885}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BBD25F0B-0FBF-4ACB-8231-E2225FC4C336}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BCD7B793-91BA-4372-8306-41433993E224}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C32F5B0D-6F32-4979-B1D9-AE5FA14284C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C96BD7D2-D838-4C5C-AA43-3B1288F9B027}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD3493FB-EC50-4CF6-B4DE-CB4AABF68431}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD645E44-96E8-431B-B65A-7DD08CCC72BB}" = protocol=6 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe |
"{EA084849-E095-4282-B1E7-8141B7331A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1CE8FAF-D623-4397-A079-CA0BA9C1CE1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{018A17EE-4196-4F73-A34A-9CC1A574D9E3}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CB54CBED-0B41-4685-8D94-59E1D72DAC69}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BF456ADA-407C-BFA2-52DA-08ECE9E18549}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"CCleaner" = CCleaner
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08096C0A-B9B2-7F42-3760-BD9A1CBA9A6E}" = Catalyst Control Center Graphics Full Existing
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10014C6B-F482-991B-8865-32BFEA347CE1}" = CCC Help Hungarian
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1404E04F-C98C-5195-251E-9CED867E37D7}" = CCC Help French
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1AA0193C-398B-D400-A156-C060CFDDF132}" = Catalyst Control Center Core Implementation
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233C14B1-D05F-96A7-1509-C87417F899F8}" = CCC Help Turkish
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{2637552C-A1EE-D6C9-3D9E-716BCB76081D}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3A3BB39D-95C9-41FE-BAC2-5D3BAF65F49A}" = MySQL Workbench 5.2 OSS
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49939C5A-7835-120D-1195-7374E1AE1CAB}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5810367F-CB89-1257-0283-EC37270741E7}" = CCC Help Russian
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A4C0B1D-2379-AAE0-4907-56E83D6D8A8C}" = CCC Help Italian
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{650CF18F-629C-3CF1-307D-5C93321B41CD}" = Catalyst Control Center Graphics Full New
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69131367-6458-6271-8277-25E408572433}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72A6B2E5-3286-4D77-8AAC-A4BE2A8FCB90}" = CCC Help Finnish
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87A29380-9FFF-6D32-BBF1-61569DFD5BEA}" = CCC Help Portuguese
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8D047BB8-0D97-4163-27CE-351BDF225D00}" = Catalyst Control Center Localization All
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F862B8C-D3F7-74F5-6C08-F0F70F744FF7}" = CCC Help Japanese
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9AA64011-2D75-4CFA-ACEB-3B801280910C}" = F-Secure Launch pad
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A0F4F993-C4A7-F093-CF8D-5F03B39252F2}" = CCC Help Thai
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A477F82B-F291-5BB0-74FF-6654A27B311A}" = CCC Help Dutch
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A4EFAC49-5605-E9FA-5C1B-75D8AACF6139}" = Catalyst Control Center Graphics Light
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA668097-C081-B41E-DEDA-83BB12B7E85F}" = CCC Help Korean
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2F0AAB1-8C1C-1EFE-6594-417BBB023D6B}" = CCC Help Czech
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C0618520-5C63-1583-B78A-CEE1139EF1E6}" = CCC Help Polish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C84E8865-5E2B-5A46-99F2-B8A35917B8BF}" = Catalyst Control Center Graphics Previews Common
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36B6249-71E7-9E85-A9D6-E2239783301E}" = CCC Help Norwegian
"{D5DC1775-F67A-6399-BE1D-960FC2254F91}" = CCC Help Chinese Standard
"{D604D3C7-337D-FE67-09DE-A641D3B4D886}" = CCC Help Danish
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD23714B-A2C6-A6D2-9309-75AFAFF1F8E6}" = CCC Help English
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2250DN
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7D5D189-E71D-EA01-419F-699F57B1ED65}" = Catalyst Control Center Graphics Previews Vista
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2894826-BF35-CE79-5EA6-7BAD1DF6F8BF}" = CCC Help Greek
"{F392063E-8736-7812-47E7-7598F0B56D9D}" = CCC Help Swedish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF4EB4E5-55BB-D9AF-B5A2-3D6F359E7472}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bouml_is1" = Bouml 4.21
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"F-Secure Product 444" = F-Secure Internet Security 2011
"F-Secure ServiceEnabler" = F-Secure Launch pad
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"OpenVPN" = OpenVPN 2.1_rc22
"Restorer Ultimate_is1" = Restorer Ultimate 6.0
"Simfy" = simfy
"splashtop" = VAIO Quick Web Access
"Totalcmd" = Total Commander (Remove or Repair)
"TUGZip_is1" = TUGZip 3.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.10.2011 21:09:18 | Computer Name = eva-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 26.10.2011 21:09:21 | Computer Name = eva-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 29.10.2011 19:24:21 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rodriguez_jr__the_split_part_1.exe, Version: 1.0.0.0, Zeitstempel: 0x4eaaa705 Name des fehlerhaften Moduls: rodriguez_jr__the_split_part_1.exe, Version: 1.0.0.0, Zeitstempel: 0x4eaaa705 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00062f7b ID des fehlerhaften Prozesses: 0x4a90 Startzeit der fehlerhaften Anwendung: 0x01cc9691cbdc7dc7 Pfad der fehlerhaften Anwendung: C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe Pfad des fehlerhaften Moduls: C:\Users\eva\Documents\Downloads\rodriguez_jr__the_split_part_1.exe Berichtskennung: 20eb27b7-0285-11e1-89f2-544249078d41

Error - 30.10.2011 14:00:02 | Computer Name = eva-VAIO | Source = Windows Backup | ID = 4103
Description =

Error - 31.10.2011 17:03:49 | Computer Name = eva-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000)

Error - 31.10.2011 17:03:49 | Computer Name = eva-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error - 04.11.2011 22:49:27 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20, Zeitstempel: 0x4cdc8b7a Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0, Zeitstempel: 0x49a6280b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e1b16 ID des fehlerhaften Prozesses: 0x2604 Startzeit der fehlerhaften Anwendung: 0x01cc9b655eda9543 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX Shared\Qt4.5\QtCore4.dll Berichtskennung: c6519543-0758-11e1-999d-506313a3d9b2

Error - 04.11.2011 22:51:19 | Computer Name = eva-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20, Zeitstempel: 0x4cdc8b7a Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0, Zeitstempel: 0x49a6280b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000e1b16 ID des fehlerhaften Prozesses: 0x271c Startzeit der fehlerhaften Anwendung: 0x01cc9b659654e728 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX Shared\Qt4.5\QtCore4.dll Berichtskennung: 091cf323-0759-11e1-999d-506313a3d9b2

Error - 06.11.2011 05:39:15 | Computer Name = eva-VAIO | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.10.8.815 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 404 Startzeit: 01cc9c168b75d812 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Berichts-ID: 2be5e4b1-085b-11e1-999d-506313a3d9b2

Error - 06.11.2011 05:39:59 | Computer Name = eva-VAIO | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.10.8.815 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2c94 Startzeit: 01cc9c67fe5620fd Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe Berichts-ID: 429fa3b1-085b-11e1-999d-506313a3d9b2

[ OSession Events ]
Error - 12.05.2010 22:02:48 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 78 seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.05.2010 08:20:31 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 382641 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.06.2011 10:20:53 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1210 seconds with 660 seconds of active time. This session ended with a crash.
Error - 14.06.2011 04:40:23 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 68817 seconds with 3120 seconds of active time. This session ended with a crash. Error - 24.06.2011 21:33:22 | Computer Name = eva-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15050 seconds with 240 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.07.2012 10:28:38 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 15.07.2012 10:28:38 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 15.07.2012 10:28:40 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005 Description = Error - 15.07.2012 10:28:50 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005 Description = Error - 15.07.2012 10:28:55 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005 Description = Error - 15.07.2012 10:28:55 | Computer Name = eva-VAIO | Source = DCOM | ID = 10005 Description = Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst 
"Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 15.07.2012 10:28:57 | Computer Name = eva-VAIO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
15.07.2012, 16:25 | #4 |
/// Helper Team | Bundestrojaner, but with a webcam window Is there a reason why you didn't delete the detections?
Fixing with OTL
Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {a51a36e6-31e7-4838-9ff7-76298b527ec0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE377
IE - HKCU\..\SearchScopes\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}: "URL" = http://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-Germany Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.http: "188.94.228.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A51A36E6-31E7-4838-9FF7-76298B527EC0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFAE.EXE /FU "C:\Windows\TEMP\E_S7023.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Spotify] C:\Users\eva\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\eva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell - "" = AutoRun
O33 - MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
[2012.05.16 20:33:04 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.05.16 20:33:00 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2010.09.30 16:29:22 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.09.30 16:28:31 | 001,543,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
@Alternate Data Stream - 1055 bytes -> C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ
@Alternate Data Stream - 1043 bytes -> C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ
[2012.07.15 13:24:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.15 13:24:30 | 000,000,000 | ---D | M] -- C:\Users\eva\AppData\Roaming\Dropbox
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:18:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 13:18:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 13:01:35 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.12 00:08:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems! |
16.07.2012, 08:53 | #5 |
| Bundestrojaner, but with a webcam window Sorry - I somehow hadn't understood that - so it wasn't intentional! Many thanks! Here is the new log file: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. 
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ADE1F2D-601B-4CBA-BB18-35D372A1434E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A86E50D-52C6-4A01-B1BF-BBEF32359CAB}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7237F0F4-BF74-426E-BEFC-6D96B84F95A1}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD3D21F-DBDA-4475-BA3F-4F31818EE7F1}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Search Results" removed from browser.search.defaultenginename Prefs.js: "softonic-Germany Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2449729&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "Search Results" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems Prefs.js: litmus-ff@f-secure.com:1.10 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems Prefs.js: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.2.5.2 removed from extensions.enabledItems Prefs.js: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 removed from extensions.enabledItems Prefs.js: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 removed from extensions.enabledItems Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL Prefs.js: "188.94.228.46" removed from network.proxy.http Prefs.js: 8080 removed from network.proxy.http_port Prefs.js: 1 
removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON S21 Series deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify deleted successfully. C:\Users\eva\AppData\Roaming\Spotify\spotify.exe moved successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully. C:\Users\eva\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017ad081-5432-11df-94f7-506313a3d9b2}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d15df991-0ecd-11e0-8654-506313a3d9b2}\ not found. File I:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5484eb7-552b-11df-93f8-506313a3d9b2}\ not found. File "H:\WD SmartWare.exe" autoplay=true not found. C:\Windows\SysWOW64\BRTCPCON.DLL moved successfully. C:\Windows\SysWOW64\BRLMW03A.INI moved successfully. C:\Windows\SysWOW64\drivers\fsbts.sys moved successfully. C:\Windows\SysWOW64\PerfStringBackup.INI moved successfully. ADS C:\Users\eva\AppData\Local\Temp:kPr1MmTTPju4cyqYVJ deleted successfully. ADS C:\Users\eva\AppData\Local\zCHjK9DmX:kudQTrWqhWDCl56wHP0vZ deleted successfully. C:\ProgramData\go_0molg.pad moved successfully. Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox\shellext\l scheduled to be moved on reboot. C:\Users\eva\AppData\Roaming\Dropbox\shellext\dump folder moved successfully. Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox\shellext scheduled to be moved on reboot. C:\Users\eva\AppData\Roaming\Dropbox\l folder moved successfully. C:\Users\eva\AppData\Roaming\Dropbox\installer\l folder moved successfully. C:\Users\eva\AppData\Roaming\Dropbox\installer folder moved successfully. C:\Users\eva\AppData\Roaming\Dropbox\bin folder moved successfully. Folder move failed. C:\Users\eva\AppData\Roaming\Dropbox scheduled to be moved on reboot. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. File C:\ProgramData\go_0molg.pad not found. 
========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\eva\Desktop\cmd.bat deleted successfully. C:\Users\eva\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: eva ->Temp folder emptied: 5821265487 bytes ->Temporary Internet Files folder emptied: 3042750 bytes ->Java cache emptied: 17663836 bytes ->FireFox cache emptied: 55143616 bytes ->Google Chrome cache emptied: 18275090 bytes ->Flash cache emptied: 69356 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 310825544 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36069724 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5.972,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: eva ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.54.0 log created on 07162012_094416 Files\Folders moved on Reboot... C:\Users\eva\AppData\Roaming\Dropbox\shellext\l folder moved successfully. C:\Users\eva\AppData\Roaming\Dropbox\shellext folder moved successfully. C:\Users\eva\AppData\Roaming\Dropbox folder moved successfully. File move failed. C:\Users\eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. PendingFileRenameOperations files... 
File C:\Users\eva\AppData\Roaming\Dropbox\shellext\l not found! File C:\Users\eva\AppData\Roaming\Dropbox\shellext not found! File C:\Users\eva\AppData\Roaming\Dropbox not found! [2010.04.28 20:40:59 | 000,000,000 | ---- | M] () C:\Users\eva\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5 Registry entries deleted on Reboot... |
16.07.2012, 12:58 | #6 |
/// Helper Team | Bundestrojaner, but with a webcam window Very good! How is the computer running? Please download AdwCleaner to your desktop.
__________________ |
16.07.2012, 13:20 | #7 |
| Bundestrojaner, but with a webcam window In safe mode everything is running fine so far. Here is the log file from AdwCleaner: Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/16/2012 at 14:16:54 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : eva - EVA-VAIO # Running from : C:\Users\eva\Documents\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\eva\AppData\Local\Conduit Folder Found : C:\Users\eva\AppData\Local\Ilivid Player Folder Found : C:\Users\eva\AppData\LocalLow\Conduit Folder Found : C:\Users\eva\AppData\LocalLow\searchquband Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\Conduit Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitCommon Folder Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitEngine Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\InstallMate Folder Found : C:\Program Files (x86)\Ilivid File Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Conduit.xml File Found : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Search_Results.xml File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2449729 Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\DT Soft Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS [x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar [x64] Key Found : HKCU\Software\DataMngr [x64] Key Found : 
HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine [x64] Key Found : HKLM\SOFTWARE\DataMngr ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v11.0 (de) Profile name : default File : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\prefs.js Found : user_pref("CT2449729..clientLogIsEnabled", false); Found : user_pref("CT2449729..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2449729..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
-\\ Google Chrome v3.0.195.21

File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21385 octets] - [16/07/2012 14:16:54]

########## EOF - C:\AdwCleaner[R1].txt - [21514 octets] ##########

I'd rather leave that alone for now and wait for your reply... thanks in advance |
16.07.2012, 15:41 | #8 |
/// Helper team | Bundestrojaner, but with a webcam window What about normal mode?
|
16.07.2012, 15:58 | #9 |
| Bundestrojaner, but with a webcam window I'll try in a moment to see how things are in normal mode... But first, here is the AdwCleaner log file: Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 16:53:40
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : eva - EVA-VAIO
# Running from : C:\Users\eva\Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\eva\AppData\Local\Conduit
Folder Deleted : C:\Users\eva\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\eva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\eva\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\Conduit
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitCommon
Folder Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\ConduitEngine
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Ilivid
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Conduit.xml
File Deleted : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2449729
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (de)

Profile name : default
File : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\14ntmd2g.default\prefs.js
-\\ Google Chrome v3.0.195.21
File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [21502 octets] - [16/07/2012 14:16:54]
AdwCleaner[R2].txt - [21563 octets] - [16/07/2012 16:53:08]
AdwCleaner[R3].txt - [21624 octets] - [16/07/2012 16:53:33]
AdwCleaner[S1].txt - [21608 octets] - [16/07/2012 16:53:40]
########## EOF - C:\AdwCleaner[S1].txt - [21737 octets] ########## |
16.07.2012, 16:01 | #10 |
/// Helper team | Bundestrojaner, but with a webcam window Very good! Now in normal mode, please: run a full scan with Malwarebytes Anti-Malware and post the log. |
16.07.2012, 21:12 | #11 |
| Bundestrojaner, but with a webcam window No infected objects were found - yay!!! Here is the log file: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
eva :: EVA-VAIO [Administrator]

Schutz: Aktiviert

16.07.2012 17:07:44
mbam-log-2012-07-16 (17-07-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 665316
Laufzeit: 3 Stunde(n), 18 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

However, a warning from Windows now appears: "An Windows wurde eine nicht authorisierte Änderung vorgenommen: Windows hat eine Änderung erkannt, die eine eingeschränkte Windows-Funktionalität verursacht. Verwenden Sie den folgenden Link, um zu erfahren, wie Windows repariert werden kann." (in English: "An unauthorized change was made to Windows: Windows has detected a change that causes reduced Windows functionality. Use the following link to learn how Windows can be repaired.") At the bottom right of the desktop window it also says "Die Echtheit diesere Windows-Kopie wurde noch nicht bestätigt." (in English: "This copy of Windows has not yet been confirmed as genuine.") I'll restart now and see whether the message comes back. A big thank-you already at this point!
------------------------------------------
Status after the restart: again no desktop background image and the message at the bottom left (see last post), and the following message appears: "Geben Sie den Windows Product-Key ein. Eine lizensierte Komponente von Windows wurde geändert. Der Windows-Product-Key muss daher erneut eingegeben, und Windows muss erneut aktiviert werden." (in English: "Enter the Windows product key. A licensed component of Windows has been changed. The Windows product key must therefore be entered again, and Windows must be activated again.") Hmm, what does that mean for me now?
Many thanks. Last edited by Evi88 (16.07.2012 at 21:28) |
16.07.2012, 21:37 | #12 |
/// Helper team | Bundestrojaner, but with a webcam window Somewhere on your computer there is a sticker (laptop: underneath / desktop: at the back) with the license number. It may be that you have to enter it to activate.
As a check: malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (Update now).
Select the freeware mode.
Select "Detail Scan" and start the check of the computer via the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
17.07.2012, 14:51 | #13 |
| Bundestrojaner, but with a webcam window Entering the key number for the Windows operating system authentication worked. When I try to run Emsisoft.exe, the following error message appears: "Für den Betrieb auf Windows 7 benötigen ist das Service Pack 1 erforderlich." (in English: "Service Pack 1 is required for operation on Windows 7.") What is this Pack1? Many thanks - at the moment things already look really very good as far as the trojan is concerned |
17.07.2012, 15:36 | #14 |
/// Helper team | Bundestrojaner, but with a webcam window Please install all Windows updates! Then report back! |
30.07.2012, 11:07 | #15 |
/// Helper team | Bundestrojaner, but with a webcam window Missing reply. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |