
Pests of all kinds and how to combat them: GVU trojan with camera


22.07.2012, 08:37   #1
JoeCool
 

Hello,
I have (had?) caught the GVU trojan with camera.
First I tried Kaspersky Windowsunlocker, without success. It didn't do anything.
Then a system restore from safe mode.

After that (in this order):
Ad-Aware - 15 finds (where do I find the LOG file?)
Antivir - 0 finds
SpyBot - 0 finds
Malwarebytes is running at the moment.
I also ran HiJackThis. According to the evaluation there was nothing dangerous in it.

My hope now, of course, is that the laptop is clean, because AntiVir and SpyBot didn't find anything any more. A complete reinstallation would be very exhausting, and I also wouldn't know what I should back up besides my documents etc. (settings etc.) and how I avoid accidentally backing up infected files as well?

I would be very grateful for help and advice. Here are the logs from AntiVir and Spybot (from AdAware I can only find a useless short report?!?). Malwarebytes will follow when it's finished.

Many thanks in advance!

AntiVir Log:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 22. Juli 2012 02:52

Es wird nach 3911053 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ACER-NETBOOK

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 27.06.2012 06:22:27
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 06:26:20
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 06:26:20
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 06:26:20
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 06:26:20
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 06:26:20
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 06:26:20
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 06:26:20
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 06:26:20
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 06:26:20
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 06:26:46
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 06:25:44
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 06:36:00
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 06:36:04
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 06:44:22
VBASE019.VDF : 7.11.36.45 118784 Bytes 13.07.2012 06:44:22
VBASE020.VDF : 7.11.36.107 123904 Bytes 16.07.2012 06:44:25
VBASE021.VDF : 7.11.36.147 238592 Bytes 17.07.2012 06:44:26
VBASE022.VDF : 7.11.36.209 135168 Bytes 19.07.2012 06:44:30
VBASE023.VDF : 7.11.37.19 116224 Bytes 21.07.2012 10:06:52
VBASE024.VDF : 7.11.37.20 2048 Bytes 21.07.2012 10:06:52
VBASE025.VDF : 7.11.37.21 2048 Bytes 21.07.2012 10:06:53
VBASE026.VDF : 7.11.37.22 2048 Bytes 21.07.2012 10:06:53
VBASE027.VDF : 7.11.37.23 2048 Bytes 21.07.2012 10:06:53
VBASE028.VDF : 7.11.37.24 2048 Bytes 21.07.2012 10:06:53
VBASE029.VDF : 7.11.37.25 2048 Bytes 21.07.2012 10:06:53
VBASE030.VDF : 7.11.37.26 2048 Bytes 21.07.2012 10:06:54
VBASE031.VDF : 7.11.37.28 2048 Bytes 21.07.2012 10:06:54
Engineversion : 8.2.10.118
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 06:36:06
AESCRIPT.DLL : 8.1.4.34 455035 Bytes 21.07.2012 10:06:56
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 27.06.2012 06:22:27
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.3.0.16 807287 Bytes 21.07.2012 10:06:55
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 21.07.2012 10:06:55
AEHEUR.DLL : 8.1.4.76 5063031 Bytes 21.07.2012 10:06:55
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 05:56:53
AEGEN.DLL : 8.1.5.34 434548 Bytes 21.07.2012 10:06:54
AEEXP.DLL : 8.1.0.68 86389 Bytes 21.07.2012 10:06:56
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 06:36:06
AECORE.DLL : 8.1.27.2 201078 Bytes 11.07.2012 06:36:05
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Auszulassende Dateien.................: C:\Program Files (x86)\CSJ,

Beginn des Suchlaufs: Sonntag, 22. Juli 2012 02:52

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SpybotSD.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'fwupdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAware.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'adawarebp.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSUT.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'MediaServer.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCalendarSync.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'DAVSRV.EXE' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'snuvcdsm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SBAMSvc.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'msftesql.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdAwareService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\gs\gs9.05\uninstgs.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '8613' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files (x86)\CSS3 Menu\icons\aesthetica.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\border-blue.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\brilliance.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\cherry.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\chrome.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\circle-blue.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\color-web.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\coquette.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\coquette2.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\crystal.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\danish.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\glossy.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\mango.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\marmalade.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\mobile.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\round-vista.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\silk1.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\silk2.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\simple.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\sunny.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\tango.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\icons\vista.m3ico
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Android.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Blocks.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Charge.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Compact Gray.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Core.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Current.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Elegant.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Enterprise.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Fair.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Frame.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Fresh.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Gradient Gray.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Mac.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Mercury.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Modern.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Neon.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Point.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Rise.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Rounded Alpha.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Simple.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Stream.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\CSS3 Menu\templates\Toolbars.c3mt
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\gs\gs9.05\uninstgs.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IENT_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\LX07-SETUP\Data\IE6\IE_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IENT_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\Lexware\setups\quicksteuer_2010\Data\IE6\IE_S5.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tbs
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tla
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TuneUp Utilities 2012\data\VistaDefault.tls
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\AdFLVPlayer2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar4.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar5.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar6.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar7.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar8.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar1.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar2.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\WidgiToolbar3.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\JoeCool\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\JoeCool\Downloads\Steal-crypterREFUDEDBy20messi.rar
[WARNUNG] Das gesamte Archiv ist kennwortgeschützt




Ende des Suchlaufs: Sonntag, 22. Juli 2012 06:36
Benötigte Zeit: 3:43:07 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

35754 Verzeichnisse wurden überprüft
1287755 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1287755 Dateien ohne Befall
9310 Archive wurden durchsucht
260 Warnungen
0 Hinweise
1101948 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

SpyBot Log


--- Search result list ---
Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $D1EDD9CA] Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL (-2147483648 Anwendungen) (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

Widgi.Toolbar: [SBI $5AE37010] Shared DLL (-2147483648 Anwendungen) (Registrierungsdatenbank-Wert, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-03-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-07-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-06-19 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-06-18 Includes\Malware.sbi (*)
2012-07-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-07-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-07-17 Includes\TrojansC-02.sbi (*)
2012-07-17 Includes\TrojansC-03.sbi (*)
2012-07-17 Includes\TrojansC-04.sbi (*)
2012-07-12 Includes\TrojansC-05.sbi (*)
2012-07-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Antivirus
command: "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
file: C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Ad-Aware Browsing Protection
command: "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
file: C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: C98FF6C440E8967251F59C7919B505A1

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
size: 59240
MD5: 1F3FF6C062B311FE410EC89F6BFAC213

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
size: 348624
MD5: 382BBC7FE9D818B94FE5A8BAA7F4577E

Located: HK_LM:Run, CanonSolutionMenuEx
command: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
file: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
size: 1185112
MD5: 3B78ACCCAA5132638E7CF419F4A965C7

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
size: 30040
MD5: 0E34B7BB1FCF22BCC1E394D16F9E992B

Located: HK_LM:Run, IAStorIcon
command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 283160
MD5: C0B97E53A0E39A48EEA2DCD500EEA07A

Located: HK_LM:Run, IJNetworkScanUtility
command: C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
file: C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
size: 140640
MD5: C14CF3A71C99E7AD48ECC928886317AC

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F

Located: HK_LM:Run, KiesTrayAgent
command: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
file: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
size: 3521464
MD5: FEE45AD0B1EBF2C2D295B59BA593F6CD

Located: HK_LM:Run, LGODDFU
command: "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
file: C:\Program Files (x86)\lg_fwupdate\lgfw.exe
size: 27760
MD5: 9D56299FA5C9B3D9E67FF3ACB301139F

Located: HK_LM:Run, LManager
command: C:\Program Files (x86)\Launch Manager\LManager.exe
file: C:\Program Files (x86)\Launch Manager\LManager.exe
size: 825864
MD5: 5FB1BFA389CDF13F38607EB1EBAC3753

Located: HK_LM:Run, PLFSetL
command: C:\Windows\PLFSetL.exe
file: C:\Windows\PLFSetL.exe
size: 94208
MD5: 51FDB84B862BE121189F63D03FACA33C

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: AF43C4F7F3C8BC95DAD95024F96CDC4A

Located: HK_LM:Run, RemoteControl8
command: "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 91432
MD5: 28FD28A29C637C9AFEFE0A26E27C6DFE

Located: HK_LM:Run, ROC_roc_dec12
command: "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
file: C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, snuvcdsm
command: C:\Windows\snuvcdsm.exe
file: C:\Windows\snuvcdsm.exe
size: 27184
MD5: C56060DFFB2EECEA5CD98B56DE67D0B0

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4

Located: HK_LM:Run, Adobe ARM (DISABLED)
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 843712
MD5: B8E421C0890356CD4A793D8A346D9096

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 37296
MD5: C98FF6C440E8967251F59C7919B505A1

Located: HK_LM:Run, EgisTecLiveUpdate (DISABLED)
command: "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
file: C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
size: 199464
MD5: EF533F9D1E4F51C783D4349A7C3F518F

Located: HK_LM:Run, LexwareInfoService (DISABLED)
command: C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
file: C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
size: 339240
MD5: 8FDD61D9F50DB1BE962C20D99F355BCF

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4

Located: HK_CU:RunOnce, adaware
where: .DEFAULT...
command: reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:RunOnce, adaware_XP
where: .DEFAULT...
command: reg.exe delete "HKCU\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, 1&1_1&1 Office-Drive Manager
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: "C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" /hide
file: C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
size: 964688
MD5: EA2BF144B5D5018E92DC287F3BE7D06A

Located: HK_CU:Run, KiesHelper
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
file: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, KiesPDLR
where: S-1-5-21-3899731673-2456997713-1197237625-1001...
command: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
file: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
size: 21432
MD5: 984F6749E0741C3F22D86C91B46177BE

Located: HK_CU:RunOnce, adaware
where: S-1-5-18...
command: reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: HK_CU:RunOnce, adaware_XP
where: S-1-5-18...
command: reg.exe delete "HKCU\Software\adaware" /f
file: C:\Windows\system32\reg.exe
size: 62464
MD5: D69A9ABBB0D795F21995C2F48C1EB560

Located: Startup (allgemein), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 26.03.2012 17:39:00
Date (last access): 14.05.2012 18:40:04
Date (last write): 26.03.2012 17:39:00
Filesize: 75200
Attributes: archive
MD5: 885BA7AE8F650E7D7BCB5B966E00DDCE
CRC32: A0D904C3
Version: 9.5.1.283

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Canon Easy-WebPrint EX BHO
CLSID name: Canon Easy-WebPrint EX BHO
Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\
Long name: ewpexbho.dll
Short name:
Date (created): 14.11.2011 17:42:28
Date (last access): 14.11.2011 17:42:28
Date (last write): 08.11.2010 14:49:26
Filesize: 202144
Attributes: archive
MD5: E2C59B4BC4296C39EE41997482B14241
CRC32: 5EB04FBE
Version: 1.2.0.0

{6c97a91e-4524-4019-86af-2aa2d567bf5c} (Ad-Aware Security Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Ad-Aware Security Toolbar
CLSID name: Ad-Aware Security Toolbar
Path: C:\Program Files (x86)\adawaretb\
Long name: adawareDx.dll
Short name: ADAWAR~2.DLL
Date (created): 11.04.2012 22:08:22
Date (last access): 21.07.2012 14:10:58
Date (last write): 11.04.2012 22:08:22
Filesize: 87440
Attributes: archive
MD5: 6B94578EE59FB048F573B9C8C4149FC7
CRC32: 18DD0785
Version: 1.0.0.20

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GR469A~1.DLL
Date (created): 26.02.2009 19:36:54
Date (last access): 11.12.2011 12:13:50
Date (last write): 26.02.2009 19:36:54
Filesize: 2217832
Attributes: archive
MD5: 30DB64D316F502558DB2380F7343C9FD
CRC32: 152B40A2
Version: 12.0.6500.5000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 325408
Attributes: archive
MD5: 8E6C86726B67D3FAA3144849B9AAC06C
CRC32: B1F4AB5B
Version: 6.0.310.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID-Anmelde-Hilfsprogramm
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 30.03.2009 17:31:54
Date (last access): 25.12.2009 15:09:06
Date (last write): 30.03.2009 17:31:54
Filesize: 403824
Attributes: archive
MD5: 9144D1A2D7AC4CE489C863E11FC5E478
CRC32: 55343708
Version: 6.500.3146.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 42272
Attributes: archive
MD5: A9770771B622A871643EA2A4A3983E95
CRC32: D1C0DA03
Version: 6.0.310.5

{E87806B5-E908-45FD-AF5E-957D83E58E68} (Softonic Helper Object)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Softonic Helper Object
CLSID name: Softonic Helper Object
Path: C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\
Long name: Softonic.dll
Short name:
Date (created): 15.03.2012 15:57:20
Date (last access): 19.05.2012 11:50:42
Date (last write): 15.03.2012 15:57:20
Filesize: 242384
Attributes: archive
MD5: 99E5B8DBF98FE9FDBB95EA2B8B43A305
CRC32: 5930E520
Version: 1.5.21.0



--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\Windows\Downloaded Program Files\QTPlugin.inf
Codebase: hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 24.10.2011 16:30:12
Date (last access): 26.02.2012 13:00:56
Date (last write): 24.10.2011 16:30:12
Filesize: 796520
Attributes: archive
MD5: CF31570FD81E28CC2D7CD11D6CE9F863
CRC32: A6507249
Version: 7.7.1.0

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWow64\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 12.01.2010 08:40:40
Date (last access): 07.03.2010 15:17:42
Date (last write): 12.01.2010 08:40:40
Filesize: 213272
Attributes: archive
MD5: 95244A5ECEFFF530AE1DF421018C6EF9
CRC32: E54EB77A
Version: 11.5.6.606

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 104224
Attributes: archive
MD5: C7AD5E5E4FC8AF697A91BF56D1806B8D
CRC32: D5225578
Version: 6.0.310.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_31
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_31.dll
Short name: NPJPI1~1.DLL
Date (created): 26.03.2012 10:07:42
Date (last access): 26.03.2012 10:07:42
Date (last write): 26.03.2012 10:07:42
Filesize: 141088
Attributes: archive
MD5: 77149DCA2C3134C50150ECD33593F4A8
CRC32: 88B54397
Version: 6.0.310.5



--- Process list ---
PID: 0 ( 0) [System]
PID: 2784 (2408) C:\Windows\PLFSetI.exe
size: 200704
MD5: 0D3DFFA8BA3E63592FC2C652CF3B0E9C
PID: 2892 (2408) C:\Windows\snuvcdsm.exe
size: 27184
MD5: C56060DFFB2EECEA5CD98B56DE67D0B0
PID: 3012 (2408) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
size: 21432
MD5: 984F6749E0741C3F22D86C91B46177BE
PID: 3020 (2408) C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE
size: 964688
MD5: EA2BF144B5D5018E92DC287F3BE7D06A
PID: 3032 (2408) C:\Program Files (x86)\Skype\Phone\Skype.exe
size: 17417392
MD5: 62C847F150929CD0A7167CB7DC6E85C5
PID: 2132 (2408) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 542264
MD5: C5B5552E5C1A0079C1F7313E7CC7707E
PID: 2688 (3044) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
size: 91432
MD5: 28FD28A29C637C9AFEFE0A26E27C6DFE
PID: 2276 (3044) C:\Program Files (x86)\Launch Manager\LManager.EXE
size: 825864
MD5: 5FB1BFA389CDF13F38607EB1EBAC3753
PID: 4060 (3044) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 283160
MD5: C0B97E53A0E39A48EEA2DCD500EEA07A
PID: 4260 (3044) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
size: 140640
MD5: C14CF3A71C99E7AD48ECC928886317AC
PID: 672 (3044) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: 444EB38A256BE60F2013488C49D2AB3F
PID: 5156 (3044) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
size: 3521464
MD5: FEE45AD0B1EBF2C2D295B59BA593F6CD
PID: 5196 (3044) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 98A078F838A70F84E1BD490D7C7675F4
PID: 5208 (3044) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
size: 348624
MD5: 382BBC7FE9D818B94FE5A8BAA7F4577E
PID: 5216 (3044) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
size: 198032
MD5: C5F1D82D9CC8979971CC748FCB2EE7CA
PID: 6000 (1480) C:\PROGRA~2\AD-AWA~1\AdAware.exe
size: 18832264
MD5: 5E57EAB47E565BF754BCF99A410C3354
PID: 1756 (2364) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
size: 871536
MD5: 8667D9B4FFA3ABD1EC3D61004667E1DA
PID: 5928 (5196) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
size: 508136
MD5: 7C5A4D3222DEA5570C8F08EC7FC74199
PID: 6408 (2408) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 7040 (2408) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
size: 12997488
MD5: 0E5398084278E4CD84DDB0A2B646548D
PID: 3344 (2408) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 913888
MD5: D3C0837346C49095B8AF9EF54AD7E90A
PID: 4 ( 0) System
PID: 336 ( 4) smss.exe
PID: 484 ( 476) csrss.exe
PID: 536 ( 476) wininit.exe
size: 96256
PID: 556 ( 528) csrss.exe
PID: 600 ( 536) services.exe
PID: 624 ( 536) lsass.exe
PID: 632 ( 536) lsm.exe
PID: 684 ( 528) winlogon.exe
PID: 772 ( 600) svchost.exe
size: 20992
PID: 904 ( 600) svchost.exe
size: 20992
PID: 1012 ( 600) svchost.exe
size: 20992
PID: 380 ( 600) svchost.exe
size: 20992
PID: 488 ( 600) svchost.exe
size: 20992
PID: 1056 ( 600) svchost.exe
size: 20992
PID: 1180 ( 600) svchost.exe
size: 20992
PID: 1268 ( 380) wlanext.exe
size: 77312
PID: 1276 ( 484) conhost.exe
PID: 1348 ( 600) spoolsv.exe
PID: 1384 ( 600) sched.exe
PID: 1408 ( 600) svchost.exe
size: 20992
PID: 1480 ( 600) AdAwareService.exe
PID: 1516 ( 600) BTHSAmpPalService.exe
PID: 1540 ( 600) avguard.exe
PID: 1580 ( 600) AppleMobileDeviceService.exe
PID: 1640 ( 600) mDNSResponder.exe
PID: 1672 ( 600) BTHSSecurityMgr.exe
PID: 1700 ( 600) dgdersvc.exe
size: 95568
PID: 1780 ( 600) ePowerSvc.exe
PID: 1812 ( 600) EvtEng.exe
PID: 1836 ( 600) svchost.exe
size: 20992
PID: 1976 ( 600) C:\Windows\System32\taskhost.exe
PID: 1044 ( 600) GregHSRW.exe
PID: 1440 ( 600) ijplmsvc.exe
PID: 1636 ( 600) msftesql.exe
PID: 1888 ( 600) sqlservr.exe
PID: 2164 ( 600) svchost.exe
size: 20992
PID: 2212 ( 600) svchost.exe
size: 20992
PID: 2240 ( 600) RegSrvc.exe
PID: 2300 ( 600) RS_Service.exe
PID: 2340 ( 600) SBAMSvc.exe
PID: 2396 ( 380) C:\Windows\System32\dwm.exe
PID: 2408 (2384) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 2532 ( 600) sqlbrowser.exe
PID: 2556 ( 600) sqlwriter.exe
PID: 2760 (2408) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
size: 320000
MD5: 2C2C3D428E6581CF56A80416AA327425
PID: 2768 (2408) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
size: 823840
MD5: E64270B5DB7218E60AD62ED0C52E3A09
PID: 2776 (2408) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1808168
MD5: FD217F6DDBB90D84A46B36E17E99CA0C
PID: 2792 (2408) C:\Windows\System32\igfxtray.exe
PID: 2800 (2408) C:\Windows\System32\hkcmd.exe
PID: 2828 (2408) C:\Windows\System32\igfxpers.exe
PID: 2880 ( 772) C:\Windows\System32\igfxsrvc.exe
PID: 2920 (2408) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
size: 11780712
MD5: 77A441250C9C66B889828132855ACD54
PID: 3480 ( 600) svchost.exe
size: 20992
PID: 3732 ( 600) TuneUpUtilitiesService64.exe
PID: 3872 ( 600) MediaServer.exe
PID: 3996 ( 600) UpdaterService.exe
PID: 464 ( 600) SDWinSec.exe
PID: 4240 (3732) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
size: 1340736
MD5: 0F71CB03736B5FEC70B1E0888367A30B
PID: 4252 ( 772) unsecapp.exe
PID: 4480 ( 772) WmiPrvSE.exe
PID: 4644 (1540) avshadow.exe
PID: 4652 ( 484) conhost.exe
PID: 4784 ( 772) C:\Windows\System32\igfxext.exe
PID: 4912 ( 600) SearchIndexer.exe
size: 427520
PID: 4936 ( 772) C:\Windows\System32\wbem\unsecapp.exe
PID: 5056 (1780) ePowerEvent.exe
PID: 3748 ( 600) svchost.exe
size: 20992
PID: 2152 (2776) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: C6BE59AE498497F78EC46DADB5335766
PID: 4884 ( 600) wmpnetwk.exe
PID: 5832 ( 600) svchost.exe
size: 20992
PID: 6112 ( 600) iPodService.exe
PID: 5260 ( 600) svchost.exe
size: 20992
PID: 4084 ( 600) IAStorDataMgrSvc.exe
PID: 5460 ( 488) C:\Windows\System32\wuauclt.exe
PID: 6036 (3192) C:\Windows\SysWOW64\WerFault.exe
size: 360448
MD5: 5FEAB868CAEDBBD1B7A145CA8261E4AA
PID: 2224 ( 600) taskhost.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 22.07.2012 09:01:40

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD-Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD-Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD-Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: MSAFD-Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 4: MSAFD-Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 5: MSAFD-Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: RSVP-TCPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP-TCP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP-UDPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP-UDP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider 0: NLA (Network Location Awareness, NLAv1)-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Namespace Provider 5: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 6: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 7: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 8: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 9: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

22.07.2012, 09:41   #2
t'john
/// Helper team

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Works on Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files are created
- Post the log files here in the thread.

22.07.2012, 09:53   #3
JoeCool

Hello, and thanks for the quick reply.

I've already run OTL. How can I post it here? The file is too large as an attachment.

Malwarebytes is still running.

In the meantime AntiVir has reported the following detections:
RKIT/AGENT.DEPG.1
TR/SPY.BANKER.GEN

I clicked on Details, but nothing comes up. So I clicked Delete; it then came up about 10 times and after that it was quiet. AntiVir is now disabled because of the Malwarebytes scan.

22.07.2012, 09:56   #4
t'john
/// Helper team

Zip it, take a look
__________________
Regards, t'john

22.07.2012, 09:59   #5
JoeCool

I'll paste the OTL logs in with copy & paste. I deliberately set 60 days because I had downloaded a lot at the beginning of June. Maybe I picked something up then...

OTL Logfile:
Code:
OTL logfile created on: 22.07.2012 10:09:23 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\JoeCool\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 29,49% Memory free
3,87 Gb Paging File | 1,60 Gb Available in Paging File | 41,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,79 Gb Total Space | 148,73 Gb Free Space | 67,36% Space Free | Partition Type: NTFS
 
Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JoeCool\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\snuvcdsm.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\JoeCool\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\42221dddc2b53dc24f14e9c285d1de8f\PresentationFramework.Aero.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\snuvcdsm.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.web.de/
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=9a65cef7000000000000001e64348cf3
IE - HKCU\..\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKCU\..\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE357DE357
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={42903223-B249-4FA0-AF3F-5D1BAAACD349}&mid=36b9e18315d147d183b1d16fd89b6449-75968e8b8846c8686ff11da71a6687c5bf2fec85&lang=de&ds=tt014&pr=sa&d=2011-12-11 09:34:09&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\googlebar@google.com: C:\Users\JoeCool\AppData\Roaming\Google_Toolbar\Google_Toolbar\1.0.0.0 [2012.06.12 14:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 18:00:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.22 07:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Extensions
[2012.07.21 14:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions
[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions
[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.05.11 07:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.19 11:45:01 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.06.20 20:59:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012.02.18 08:35:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 02:31:45 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.23 21:00:41 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.18 08:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 08:35:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 08:35:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 08:35:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 08:35:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\
 
O1 HOSTS File: ([2012.03.04 12:49:00 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15172 more lines...
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe ()
O4 - HKCU..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()
O9:64bit: - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209CAB17-3433-4606-BBA1-C77E5434E188}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF772E7-62EB-4A1D-9BD0-AE5DDB4DECB3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell\AutoRun\command - "" = D:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.07.22 09:39:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe
[2012.07.21 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adaware
[2012.07.21 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.21 14:13:38 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.21 14:13:37 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.21 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.21 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adawarebp
[2012.07.21 14:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.07.21 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.07.21 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
[2012.07.19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Desktop\MariCon
[2012.07.17 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.026
[2012.07.17 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Skype
[2012.07.17 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.17 12:51:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.17 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.17 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.025
[2012.07.13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.024
[2012.07.12 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.023
[2012.07.12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\UAs
[2012.07.12 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.022
[2012.07.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\xmldm
[2012.07.12 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kock
[2012.07.06 12:55:11 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog
[2012.06.27 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Avira
[2012.06.27 08:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.27 08:21:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.27 08:21:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.27 08:21:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.26 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Temp
[2012.06.26 12:02:02 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.06.26 12:02:02 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.06.26 12:02:01 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.06.26 12:02:01 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.06.26 12:02:01 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012.06.26 11:33:00 | 000,000,000 | ---D | C] -- C:\2c9c9d0d276235ed2517d9b428
[2012.06.25 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi-Businessplaner
[2012.06.25 13:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMWi-Businessplaner
[2012.06.21 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\Macromedia
[2012.06.19 12:22:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 12:22:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 12:22:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 12:22:18 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 12:22:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 12:22:18 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 12:21:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 12:21:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.12 16:35:21 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\MSWINSCK.OCX
[2012.06.12 16:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Accessories
[2012.06.12 16:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cannonnt
[2012.06.12 16:07:33 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\c.dll
[2012.06.12 16:06:55 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieobject.dll
[2012.06.12 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebDevl
[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Accessories
[2012.06.12 11:18:33 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Google_Toolbar
[2012.06.12 11:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Hacker Pro
[2012.06.12 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HackerPro
[2012.06.12 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Hacker Pro
[2012.06.12 07:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
[2012.06.11 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\CyberLink
[2012.06.11 07:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
[2012.06.10 12:30:58 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Serif
[2012.06.10 12:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012.06.10 12:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2012.06.10 12:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serif
[2012.06.10 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\.dia
[2012.06.10 11:29:04 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\.gimp-2.8
[2012.06.09 10:57:01 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\SmartTools_Publishing,_Th
[2012.06.09 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Add-in Express
[2012.06.09 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools
[2012.06.09 10:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartTools
[2012.06.09 10:44:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\SmartTools
[2012.06.09 10:41:37 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu
[2012.06.09 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Renamer
[2012.06.09 10:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.06.08 09:12:26 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\My PowerPoints
[2012.06.07 07:27:49 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\MISC
[2012.06.05 16:46:04 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Documents\Scanned Documents
[2012.06.05 16:46:04 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Fax
[2012.06.05 12:53:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\1&1
[2012.06.05 12:53:00 | 000,199,752 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysNative\drivers\ui11drdr.SYS
[2012.06.05 12:53:00 | 000,011,776 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysNative\ui11dnp.dll
[2012.06.05 12:53:00 | 000,008,192 | ---- | C] (1&1 Internet AG) -- C:\Windows\SysWow64\ui11dnp.dll
[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\1&1
[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1
[2012.06.05 12:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1
[2012.06.05 12:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1
[2012.06.02 10:51:38 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net
[2012.06.02 10:51:38 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\kompozer.net
[2012.06.02 10:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer_BETA
[2012.06.02 10:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KompoZer_BETA
[2012.05.31 14:56:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\XMLmind
[2012.05.31 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XML Editor
[2012.05.31 14:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XML_Editor
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\JoeCool\AppData\Roaming\*.tmp files -> C:\Users\JoeCool\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.07.22 10:05:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 09:39:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe
[2012.07.22 09:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.21 18:05:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.21 14:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:27:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.21 14:26:24 | 001,864,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.21 14:26:24 | 000,797,262 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.21 14:26:24 | 000,735,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.21 14:26:24 | 000,185,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.21 14:26:24 | 000,148,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.21 14:21:36 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.07.21 14:21:26 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.21 14:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.21 14:19:06 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.21 12:03:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.21 12:03:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.21 11:53:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 16:10:34 | 002,686,168 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.gif
[2012.07.17 18:12:51 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 18:10:48 | 000,000,051 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res
[2012.07.17 17:49:55 | 000,171,712 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\AcroIEHelpe170.dll
[2012.07.17 17:49:55 | 000,006,400 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\BAcroIEHelpe170.dll
[2012.07.17 16:52:52 | 001,269,795 | ---- | M] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf
[2012.07.17 12:51:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.14 16:09:00 | 000,000,011 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat
[2012.07.13 23:00:55 | 000,007,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg
[2012.07.12 09:20:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 09:20:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.08 20:39:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.05 23:03:34 | 000,028,648 | ---- | M] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 08:21:39 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.26 11:49:41 | 001,842,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.25 13:07:29 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk
[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk
[2012.06.12 17:16:53 | 000,000,046 | ---- | M] () -- C:\Windows\winclfile.dll
[2012.06.12 17:15:59 | 000,000,026 | ---- | M] () -- C:\Windows\refsdm.dll
[2012.06.12 17:12:01 | 000,000,790 | ---- | M] () -- C:\Windows\slog.dll
[2012.06.12 16:10:25 | 000,000,001 | ---- | M] () -- C:\Windows\dwatson.dll
[2012.06.12 16:06:56 | 000,000,006 | ---- | M] () -- C:\Windows\ntcore.dll
[2012.06.12 16:06:55 | 000,000,019 | ---- | M] () -- C:\Windows\NTVDLL.dll
[2012.06.12 15:48:41 | 000,000,782 | ---- | M] () -- C:\Windows\wininit.ini
[2012.06.12 14:37:21 | 000,000,955 | ---- | M] () -- C:\Users\JoeCool\Desktop\Ardamax Keylogger 3.8.5.lnk
[2012.06.12 11:18:24 | 000,001,027 | ---- | M] () -- C:\Users\JoeCool\Desktop\Gmail Hacker Pro.lnk
[2012.06.12 08:15:05 | 000,000,853 | ---- | M] () -- C:\user.js
[2012.06.12 07:58:33 | 000,001,107 | ---- | M] () -- C:\Users\JoeCool\Desktop\SXPasswordSuite.lnk
[2012.06.11 12:20:00 | 000,076,328 | ---- | M] () -- C:\Users\JoeCool\Desktop\Germany - Lloyd's Crystal.pdf
[2012.06.11 07:43:59 | 000,001,047 | ---- | M] () -- C:\Users\JoeCool\Desktop\Advanced Renamer.lnk
[2012.06.11 06:31:32 | 000,443,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 12:29:52 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Serif PagePlus Starter Edition.lnk
[2012.06.10 12:17:44 | 000,007,469 | ---- | M] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel
[2012.06.07 13:46:19 | 000,001,335 | ---- | M] () -- C:\Users\JoeCool\Desktop\STRIKE_CLUB.lnk
[2012.06.07 07:43:06 | 000,002,091 | ---- | M] () -- C:\Users\JoeCool\Desktop\julitecCRM.lnk
[2012.06.07 07:42:25 | 000,001,887 | ---- | M] () -- C:\Users\JoeCool\Desktop\ELOoffice.lnk
[2012.06.07 07:36:18 | 000,001,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\Bewerbungen.lnk
[2012.06.07 07:33:31 | 000,004,979 | ---- | M] () -- C:\Users\JoeCool\Desktop\filezilla.exe.lnk
[2012.06.07 07:33:10 | 000,000,992 | ---- | M] () -- C:\Users\JoeCool\Desktop\MARICON.lnk
[2012.06.06 16:18:21 | 000,006,144 | ---- | M] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.06 13:53:31 | 000,000,277 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.06.06 07:09:32 | 000,000,039 | ---- | M] () -- C:\Windows\combit.ini
[2012.06.05 12:52:59 | 000,001,413 | ---- | M] () -- C:\Users\Public\Desktop\Office-Driver.lnk
[2012.06.04 08:59:19 | 000,011,530 | ---- | M] () -- C:\Users\JoeCool\Documents\DOT.sla
[2012.06.04 08:53:25 | 000,011,530 | ---- | M] () -- C:\Users\JoeCool\Documents\DOT.sla.autosave
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.02 10:45:28 | 000,001,650 | ---- | M] () -- C:\Windows\mozver.dat
[2012.05.29 09:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\JoeCool\AppData\Roaming\*.tmp files -> C:\Users\JoeCool\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.21 14:13:58 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.20 17:43:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\kp_0loor.pad
[2012.07.19 16:10:33 | 002,686,168 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.gif
[2012.07.17 18:12:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 17:49:55 | 000,171,712 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\AcroIEHelpe170.dll
[2012.07.17 17:49:55 | 000,006,400 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\BAcroIEHelpe170.dll
[2012.07.17 16:52:00 | 001,269,795 | ---- | C] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf
[2012.07.17 12:51:54 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.14 16:09:00 | 000,000,011 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat
[2012.07.13 23:00:51 | 000,007,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg
[2012.07.12 14:04:50 | 000,000,051 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res
[2012.07.08 20:19:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.05 23:03:25 | 000,028,648 | ---- | C] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg
[2012.06.27 08:21:39 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.25 13:07:29 | 000,001,356 | ---- | C] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk
[2012.06.12 18:08:25 | 000,000,860 | ---- | C] () -- C:\Windows\SysWow64\runrefog.lnk
[2012.06.12 16:33:15 | 000,000,026 | ---- | C] () -- C:\Windows\refsdm.dll
[2012.06.12 16:29:06 | 000,000,790 | ---- | C] () -- C:\Windows\slog.dll
[2012.06.12 16:10:25 | 000,000,046 | ---- | C] () -- C:\Windows\winclfile.dll
[2012.06.12 16:10:25 | 000,000,001 | ---- | C] () -- C:\Windows\dwatson.dll
[2012.06.12 16:06:56 | 000,000,006 | ---- | C] () -- C:\Windows\ntcore.dll
[2012.06.12 16:06:55 | 000,000,019 | ---- | C] () -- C:\Windows\NTVDLL.dll
[2012.06.12 14:37:21 | 000,000,955 | ---- | C] () -- C:\Users\JoeCool\Desktop\Ardamax Keylogger 3.8.5.lnk
[2012.06.12 11:18:24 | 000,001,027 | ---- | C] () -- C:\Users\JoeCool\Desktop\Gmail Hacker Pro.lnk
[2012.06.12 07:58:33 | 000,001,107 | ---- | C] () -- C:\Users\JoeCool\Desktop\SXPasswordSuite.lnk
[2012.06.11 12:20:00 | 000,076,328 | ---- | C] () -- C:\Users\JoeCool\Desktop\Germany - Lloyd's Crystal.pdf
[2012.06.11 07:43:59 | 000,001,047 | ---- | C] () -- C:\Users\JoeCool\Desktop\Advanced Renamer.lnk
[2012.06.10 12:29:52 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Serif PagePlus Starter Edition.lnk
[2012.06.10 12:29:51 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus Starter Edition.lnk
[2012.06.10 12:17:44 | 000,007,469 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel
[2012.06.07 13:46:19 | 000,001,335 | ---- | C] () -- C:\Users\JoeCool\Desktop\STRIKE_CLUB.lnk
[2012.06.07 07:43:06 | 000,002,091 | ---- | C] () -- C:\Users\JoeCool\Desktop\julitecCRM.lnk
[2012.06.07 07:42:25 | 000,001,887 | ---- | C] () -- C:\Users\JoeCool\Desktop\ELOoffice.lnk
[2012.06.07 07:36:18 | 000,001,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\Bewerbungen.lnk
[2012.06.07 07:33:31 | 000,004,979 | ---- | C] () -- C:\Users\JoeCool\Desktop\filezilla.exe.lnk
[2012.06.07 07:33:10 | 000,000,992 | ---- | C] () -- C:\Users\JoeCool\Desktop\MARICON.lnk
[2012.06.05 12:52:59 | 000,001,413 | ---- | C] () -- C:\Users\Public\Desktop\Office-Driver.lnk
[2012.06.04 08:53:25 | 000,011,530 | ---- | C] () -- C:\Users\JoeCool\Documents\DOT.sla.autosave
[2012.06.04 07:32:08 | 000,011,530 | ---- | C] () -- C:\Users\JoeCool\Documents\DOT.sla
[2012.06.02 10:45:11 | 000,001,650 | ---- | C] () -- C:\Windows\mozver.dat
[2012.05.28 10:40:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2012.05.12 11:11:41 | 000,038,425 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.04.28 10:54:37 | 000,000,039 | ---- | C] () -- C:\Windows\combit.ini
[2012.04.24 14:01:04 | 000,000,277 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.24 13:49:28 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll
[2012.04.24 13:49:28 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll
[2012.04.24 13:49:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll
[2012.04.24 13:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2012.03.04 12:10:42 | 000,000,782 | ---- | C] () -- C:\Windows\wininit.ini
[2012.01.25 14:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
[2012.01.25 14:27:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.19 10:16:33 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.07.19 10:16:33 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.07.19 10:16:33 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011.05.20 08:59:18 | 000,038,441 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.05.17 12:28:58 | 000,245,354 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.17 12:28:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.05.04 11:04:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.04 11:04:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 07:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 12:34:30 | 000,007,598 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\Resmon.ResmonCfg
[2011.04.07 17:19:01 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.12.16 22:29:02 | 000,000,316 | ---- | C] () -- C:\Windows\Jelly.ini
[2010.11.07 11:54:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.12.25 13:30:39 | 000,006,144 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---

----OTL Logfile:
Code:
OTL Extras logfile created on: 22.07.2012 10:09:23 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\JoeCool\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 29,49% Memory free
3,87 Gb Paging File | 1,60 Gb Available in Paging File | 41,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,79 Gb Total Space | 148,73 Gb Free Space | 67,36% Space Free | Partition Type: NTFS
 
Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1
jsefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1
vbsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1
jsefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [edit] -- C:\Program Files (x86)\combit\cRM\\Tools\editor\Scite.exe %1
vbsfile [edit] -- C:\Program Files (x86)\combit\cRM\Tools\editor\Scite.exe %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019951C3-1C99-40DE-A186-4E559D1CEE96}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{02E421BD-37A2-40BD-A94E-A1274D477968}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{076A816D-2581-4CE7-8EF6-E0D9BC5FF978}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{251FBBB8-11D6-48CA-9781-32A4B70498C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26A20839-DC1D-4ED6-A244-C1F40B34A429}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29CBF912-AB23-4F05-AFEE-EFB405EB1C30}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{2AA753BE-B2D2-478F-AA81-6999969158BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{350F8951-8CF4-4C99-84D7-666C9FE7775C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A0A9E0F-78AC-43AE-88E5-B40A61A769AF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{44363E6E-9E0D-4BA5-8D6F-D6D22F040AD1}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{4A2FFA07-4982-4AAE-A485-123A73C1688C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{575C6EC3-4CBF-4A22-A603-5E9D88DC68F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61661006-663B-4646-AB6C-2BB519BD7C9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6193AB39-796B-4C54-A0BA-BC5BDEC6C0CD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6A0EB992-4AF1-4E09-9CB3-94C4E764AAEE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{72125DC3-06F4-43C4-90FC-77B4C3FD424C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7AA62526-8230-4616-8732-896C6F076A25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C8EFEE3-4EDB-4ED9-9903-515379382263}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7D36344F-E5ED-4DFE-8BA0-03291D1FB230}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{81B05B84-A3CF-4B52-B563-1697064976FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8331B423-5EEC-4404-A560-559E69AFB284}" = lport=139 | protocol=6 | dir=in | app=system | 
"{92621AC1-E7BA-4836-BF16-7107876953D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96DC1309-6D17-45D9-8E44-F52D0CD6434C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9D1A1B6E-D587-4E58-8945-BE95EA99BC94}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD3E67A3-7C42-4F0C-836D-E91AB15DA9DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEFF8A2F-BDE2-40EB-960A-28053878AC27}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B858A87E-662D-423D-BFB1-2291CCA49DDE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6D9EB52-1995-4FED-85C8-A53903DB6B96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB193A92-D3DD-4B31-A9AA-4EAE1DCCD0B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6CFDF84-48E2-451F-B6A4-0A00896CBED5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DE4E99C2-7B02-4367-A762-A4622CCA781E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4BAE3C2-F217-4A5A-92E2-3B5447EB23C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E91C8DFF-D87E-4A4D-BBC0-83AD8F8BB5BF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EEE82DC8-D717-4892-B063-2A27D9D27FEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C28DE-4E84-4464-B73A-C4A833AF59AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{01A310EE-6993-4B32-91AF-C3524A98DE25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{035C9307-2680-47C5-8287-DA18248C2185}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{05B3D514-5D58-417D-AA58-A9E08EF020CC}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{0A4732AB-3FD7-4B43-94FC-5DCF0669B990}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{0BFC2AF2-0E16-400D-80FF-763DE3D7ECB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{0ED77FEF-6611-49CD-AD93-68034B5A659E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{11927016-17A6-40B1-8FDC-6C410E0D2A83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{131D4EFC-2901-4E7C-B7F7-A85A26358879}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17EAF686-B5BC-4EFF-B0DA-272D5CBFFBC7}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{1A408AC7-D2BB-48F1-A29B-1F345EA7087D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{1D98C195-8B0B-4E30-AAF1-6A2A5A24B529}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{26763DC9-4FF4-4D15-9B0B-246F7AF0D526}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{267A1C27-9CCD-479B-9B26-295BEB50F63A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2DA7C2A5-6DC4-488C-9C19-C1CABD149A7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E7791BB-7C2F-4A0C-8272-F8DE6FAAAFB2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{2F5556C2-B3E6-48EE-A3C9-DE4D6636DB41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{2FB830A0-B618-4000-906F-C4766B2F2AE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{364CD55A-3AD2-465C-A4D8-B2B50F27F57A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3D146DA2-6AFE-4282-BA3F-853A73B0674C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EEA3DC5-D3D6-423F-A7E6-0E5C70481D5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{3FDB48DF-895F-4E7D-BF03-B8AFDB3F8737}" = protocol=6 | dir=out | app=system | 
"{4130F6CB-5F98-405D-9369-D8DE983DBEC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4599EADA-4427-48CA-854E-BF099494AD10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4BD9D63B-8549-45F3-820C-8A35644617C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C7BEED6-0944-4BC0-9DD0-1F0E9F8A5AC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C9CDE30-8AD9-45AE-BEE9-3C04F5768010}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{4FA2EAB6-575E-4AD0-AE4D-3CE482681B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4FF4E3A8-B7AA-46D3-BCF0-798674C1F35D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{575A4804-9069-4FE7-9E6A-6DE5B4F9E9B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C8B2F5A-3393-4690-A4E0-A9094BF9C6F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{5CC4FE2F-D506-4A20-9EC7-93EA66CBC0CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{62A835AB-E066-47B5-A079-2BD662C52C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{682A5125-3680-4A1F-A1D9-738024E03E18}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{6C24E2BF-8679-4ACF-9DC4-2DFC6892BA9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{6E470209-D99F-4934-9E43-97E72D5D35F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6FCC02AE-8373-4FB4-A919-706D97FC5BEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{72C0BB05-4485-46C3-889A-0F5B1F928F5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7ADC6447-0877-433F-9924-C80B35EC57D0}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{841A03F1-B2EE-4946-97F4-CB7C61BCCBBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{85A11F5F-65E7-4E30-90E2-9C3CD460BC70}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{861040D1-973C-48ED-AB14-2DE90EE1F9C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{87D959A7-48D7-4097-859C-1241EC9C8E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8A71ED90-FBB3-4AE2-897F-EE78BD09B97E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{97124854-8DAC-4585-BEB9-4CCC550E2E4E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{98C7A3E5-8A85-473A-AE21-B05CEFC84475}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99B0FA31-8A7A-43F5-8740-CCFDCC659653}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F2765F8-B79F-4A6F-AC77-550A523B77D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A201CB10-9DD7-4028-ABF7-879C84916AD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{ABC5063F-3631-4110-A07B-54C1BCCB4BB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3C19819-F970-4585-BA91-1920FED9B488}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{B7768752-48F6-4FAF-B03A-24142FFDE3FF}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{B86F35C4-D4E8-46D8-B293-1E1E2EA61453}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{B8F16573-E282-4641-AC6A-6EDE0B515EAF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{BACAFB9E-1315-475D-BE4E-CAC2580A171A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{BF73BE70-F179-45A9-93A0-1EC0B4FA6201}" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"{BF7C8D4D-76F8-4839-A53C-8316A6A6C53D}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{CEE5ADAA-C65C-4AAA-8BF2-0656A2C34B37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{D3E2AF50-233A-44D1-9BD5-8A1D1C5910F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{DB98C6DF-7714-4F88-896E-68C828D5ADDC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{E9AB88B7-4F65-4762-8544-BCBC260BA6AA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EC7ED577-0033-4975-8F0E-25D3EBFE2B45}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ECCFA772-4A09-402B-93C2-36496B7F19B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0948863-3EE0-4413-A70E-C5689FC88FBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{F5F0151B-B8CC-46B0-899D-8ED93428F78B}" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.dll | 
"{F76B2608-5EF1-4BD2-AF7C-9EE45680C9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{F9BF9041-6ED5-4D50-AACD-20A8AD031C54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{F9DC5605-BFE3-4E56-9E01-F3ABB6A9C441}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{16F77AF2-DC52-4F07-BF20-47B0B08F1288}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 
"UDP Query User{7B3E1F31-F802-4A1A-8B4C-E4C7DB22B540}C:\program files (x86)\nas utility\pnmd\pnmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nas utility\pnmd\pnmd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C30966B-A597-41FA-A897-702A761DAFE3}" = Microsoft SQL Server Management Studio Express
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"GIMP-2_is1" = GIMP 2.8.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{1C4AAC59-364D-4804-957A-5F7A2688ED25}" = Lexware büro easy 2007
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{245E74BE-A9EF-4EC2-BF23-C93AAFE69B07}" = Lexware online banking 4.80
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29826F3D-1139-4F06-B109-C6B29B1D6339}" = Lexware online banking 4.80
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E868046-F930-47A6-85FD-7AC08DD1A9D1}" = Lexware büro easy 2007
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FD62708-FA3F-42DF-AD66-F400A1BDBFF1}" = Lexware büro easy 2007
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FB3B7B9-1DD2-4707-9138-23010E65AEA6}" = Lexware online banking 4.80
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56FDB311-6511-11DE-832F-0050560400B1}" = Haufe iDesk-Browser
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5BE4CACE-8B98-4BE7-B854-2CF79D983F3D}" = Lexware Abschreibungsrechner
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82E85DB5-7C06-418E-8CB9-9805E27C0B65}" = Lexware büro easy 2007
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CD0E4-4B72-4CF7-9828-267C6678A22E}" = System Requirements Lab for Intel
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2A17B5-82EB-4E4A-9A90-A57E20909F92}" = Lexware büro easy 2007
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AED96948-B28A-4958-9318-73FF9F4746AA}}_is1" = Netpas Distance
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{C08EF2EB-27C6-4E99-B5C3-15AE8210B614}" = ELOoffice
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{C7ACA1FD-E1A7-42D1-93C2-6EBD868584E9}" = ELO Pdf Drucker
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (COMBIT_CRM)
"{D05FC947-69D8-4A56-9BAB-AD87E59122C5}" = Lexware Abschreibungsrechner
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.95.714
"{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD
"{DA0AB139-B29E-5B54-726C-B2A5CE6DA2CC}" = BMWi-Businessplaner Gründung
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3D2C89A-6C03-49F4-822D-C7665BC86410}" = funScreenScraping Client Version
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}" = QuickSteuer Wissens-Center 2010
"{EE027410-D08E-47B0-8AE6-53CCFA8048F6}" = Lexware büro easy 2007
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Renamer_is1" = Advanced Renamer
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"BGBlitz_is1" = BGBlitz 2.7.0
"BitTorrent" = BitTorrent
"BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gründung
"Calculatem Pro_is1" = Calculatem Pro
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Charter Party Viewer" = Charter Party Viewer
"CSS3 Menu" = CSS3 Menu
"Dia" = Dia (nur entfernen)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 12.2.2.6665k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 9.05" = GPL Ghostscript
"GridVista" = Acer GridVista
"GSview 5.0" = GSview 5.0
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{D6EC987A-1E19-47F3-8172-60511412D1DD}" = PNMD
"IrfanView" = IrfanView (remove only)
"JellyFish Light 3.5" = JellyFish Light 3.5
"julitecCRM_is1" = julitecCRM 6.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nvu_is1" = Nvu 1.0
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PartyPoker" = PartyPoker
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"Scribus 1.4.1" = Scribus 1.4.1
"Softonic" = Softonic toolbar  on IE and Chrome
"SopCast" = SopCast 3.5.0
"TreeSize Free_is1" = TreeSize Free V2.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"TWIN 7 Tweaker_is1" = DATA BECKER TWIN 7 Tweaker
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WOW Slider" = WOW Slider
"XMLmind XML Editor_is1" = XMLmind XML Editor Personal Edition 5.2.1 (2012-05-09)
"xp-AntiSpy" = xp-AntiSpy 3.97-7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.1.2_b2" = ActiveTrader 5.1.2_b2
"Video Player" = Video Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4133231
 
Error - 18.07.2012 01:19:30 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4133231
 
Error - 18.07.2012 01:19:31 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.07.2012 01:19:32 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4134229
 
Error - 18.07.2012 01:19:32 | Computer Name = Acer-NetBook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4134229
 
Error - 19.07.2012 01:26:27 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 21.07.2012 06:00:53 | Computer Name = Acer-NetBook | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 21.07.2012 06:01:52 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 21.07.2012 06:03:52 | Computer Name = Acer-NetBook | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ Media Center Events ]
Error - 03.01.2010 22:23:47 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 03:23:46 - Fehler beim Herstellen der Internetverbindung.  03:23:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.01.2010 23:23:53 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 04:23:52 - Fehler beim Herstellen der Internetverbindung.  04:23:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.01.2010 00:23:59 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 05:23:58 - Fehler beim Herstellen der Internetverbindung.  05:23:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.01.2010 01:28:51 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 06:28:50 - Fehler beim Herstellen der Internetverbindung.  06:28:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2010 05:11:43 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 10:11:37 - Fehler beim Herstellen der Internetverbindung.  10:11:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.02.2010 15:21:44 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 20:21:44 - Fehler beim Herstellen der Internetverbindung.  20:21:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.02.2010 15:21:53 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 20:21:49 - Fehler beim Herstellen der Internetverbindung.  20:21:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.02.2010 02:51:10 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 07:51:10 - Fehler beim Herstellen der Internetverbindung.  07:51:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.02.2010 02:52:20 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 07:52:19 - Fehler beim Herstellen der Internetverbindung.  07:52:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.02.2010 02:52:29 | Computer Name = Acer-NetBook | Source = MCUpdate | ID = 0
Description = 07:52:25 - Fehler beim Herstellen der Internetverbindung.  07:52:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 07.03.2012 17:23:13 | Computer Name = Acer-NetBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.07.2012 05:55:26 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  DfsC  discache  mwlPSDFilter  mwlPSDNServ  mwlPSDVDisk  NetBIOS  NetBT  nsiproxy
Psched
rdbss
spldr
tdx
ui11drdr
vwififlt
Wanarpv6
WfpLwf
 
Error - 21.07.2012 05:56:11 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10005
Description = 
 
Error - 21.07.2012 06:00:53 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 21.07.2012 06:01:52 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7034
Description = Dienst "Lavasoft Ad-Aware Service" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 21.07.2012 06:02:14 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10016
Description = 
 
Error - 21.07.2012 06:04:38 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 21.07.2012 08:13:12 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lbd" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 21.07.2012 08:20:32 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  Lbd
 
Error - 21.07.2012 08:20:35 | Computer Name = Acer-NetBook | Source = DCOM | ID = 10016
Description = 
 
Error - 21.07.2012 08:21:18 | Computer Name = Acer-NetBook | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
         
--- --- ---


22.07.2012, 10:04   #6
JoeCool
 
...Here as ZIP files

22.07.2012, 10:05   #7
t'john
/// Helper team
 
Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () 
PRC - C:\Windows\snuvcdsm.exe () 
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\Windows\PLFSetI.exe () 
MOD - C:\Users\JoeCool\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll () 
MOD - C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}: "URL" = http://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=9a65cef7000000000000001e64348cf3 
IE - HKCU\..\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}: "URL" = http://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on 
IE - HKCU\..\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE357DE357 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={42903223-B249-4FA0-AF3F-5D1BAAACD349}&mid=36b9e18315d147d183b1d16fd89b6449-75968e8b8846c8686ff11da71a6687c5bf2fec85&lang=de&ds=tt014&pr=sa&d=2011-12-11 09:34:09&v=8.0.0.34&sap=dsp&q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () 
O4:64bit: - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe () 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found 
O4 - HKLM..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe () 
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859 
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found 
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell - "" = AutoRun 
O33 - MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\Shell\AutoRun\command - "" = D:\USBAutoRun.exe 

[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk 
[2012.06.12 18:08:25 | 000,000,860 | ---- | C] () -- C:\Windows\SysWow64\runrefog.lnk 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 


[2012.07.12 14:40:32 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\UAs 
[2012.07.22 10:05:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.22 09:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.21 18:05:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.21 11:53:34 | 004,503,728 | ---- | M] () -- C:\ProgramData\kp_0loor.pad 
[2012.07.08 20:39:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad 
[2012.06.26 11:49:41 | 001,842,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2012.06.12 18:08:25 | 000,000,860 | ---- | M] () -- C:\Windows\SysWow64\runrefog.lnk 


:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john
Support the TB

22.07.2012, 10:08   #8
JoeCool
 
OK, I'll do that as soon as Malwarebytes is finished. Thanks!

Here is the log from Malwarebytes: (no detections)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JoeCool :: ACER-NETBOOK [Administrator]

22.07.2012 10:54:45
mbam-log-2012-07-22 (10-54-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399787
Laufzeit: 1 Stunde(n), 52 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Next I'll do the OTL cleanup as described above. But I can't do that until this afternoon.

Right, I have now run OTL with the script. Partway through, Windows came up with "Es ist ein kritischer Fehler aufgetreten. Windows wird in einer Minute heruntergefahren..." ("A critical error has occurred. Windows will shut down in one minute...").
However, OTL still ran to completion and then asked for a restart. I confirmed with "OK".

Here is the log:
Code:
All processes killed
========== OTL ==========
No active process named Program Files was found!
No active process named snuvcdsm.exe was found!
No active process named Program Files was found!
No active process named PLFSetI.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074E482C-DD2C-42B8-96A8-F67ECCE9D474}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45F03664-29FC-4820-A20A-8DE6B05D7FB2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6299DCEA-64DA-464A-9A47-0BE3CAEED0DB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86B187AB-D745-4E00-A33A-93D6330BCFB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86B187AB-D745-4E00-A33A-93D6330BCFB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetI deleted successfully.
C:\Windows\PLFSetI.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNUVCDSM deleted successfully.
C:\Windows\snuvcdsm.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snuvcdsm deleted successfully.
File C:\Windows\snuvcdsm.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7d2b325-588f-11e0-a0af-00269e7f8dba}\ not found.
File D:\USBAutoRun.exe not found.
C:\Windows\SysWow64\runrefog.lnk moved successfully.
File C:\Windows\SysWow64\runrefog.lnk not found.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\Users\JoeCool\AppData\Roaming\UAs folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\ProgramData\kp_0loor.pad moved successfully.
C:\ProgramData\go_0molg.pad moved successfully.
C:\Windows\SysWOW64\PerfStringBackup.INI moved successfully.
File C:\Windows\SysWow64\runrefog.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\JoeCool\Desktop\cmd.bat deleted successfully.
C:\Users\JoeCool\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hanni
 
User: JoeCool
->Temp folder emptied: 13593670 bytes
->Temporary Internet Files folder emptied: 46077541 bytes
->Java cache emptied: 67218870 bytes
->FireFox cache emptied: 445832133 bytes
->Google Chrome cache emptied: 42752132 bytes
->Flash cache emptied: 116018 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24928 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1091569 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 588,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Hanni
 
User: JoeCool
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_145700

Files\Folders moved on Reboot...
C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

22.07.2012, 14:14   #9
JoeCool

And attached once more as a ZIP...

22.07.2012, 17:51   #10
JoeCool

I have now also installed all the important Windows updates.
The system is running smoothly so far.
What would the next step be?

ADWCLEANER?

22.07.2012, 18:37   #11
t'john
/// Helper Team

Very good!


Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

22.07.2012, 19:20   #12
JoeCool

OK, I'll let Malware run overnight then and post tomorrow. The last scan took forever, after all.

Many thanks so far & have a nice Sunday.

22.07.2012, 20:34   #13
t'john
/// Helper Team

All right, see you tomorrow
__________________
Regards, t'john

22.07.2012, 20:51   #14
JoeCool

Here is Malwarebytes already after all...

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JoeCool :: ACER-NETBOOK [Administrator]

22.07.2012 20:35:36
mbam-log-2012-07-22 (20-35-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402211
Laufzeit: 1 Stunde(n), 14 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is AdwCleaner...

Code:
# AdwCleaner v1.703 - Logfile created 07/22/2012 at 21:54:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JoeCool - ACER-NETBOOK
# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\JoeCool\AppData\Local\Conduit
Folder Found : C:\Users\JoeCool\AppData\Local\OpenCandy
Folder Found : C:\Users\JoeCool\AppData\LocalLow\Conduit
Folder Found : C:\Users\JoeCool\AppData\Roaming\OpenCandy
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Softonic
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Description
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Zugo
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
[x64] Key Found : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the Web");
Found : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "9a65cef7000000000000001e64348cf3");
Found : user_pref("extensions.BabylonToolbar_i.id", "9a65cef7000000000000001e64348cf3");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=NT_s[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:45");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.Softonic.admin", false);
Found : user_pref("extensions.Softonic.aflt", "orgnl");
Found : user_pref("extensions.Softonic.autoRvrt", "false");
Found : user_pref("extensions.Softonic.dfltLng", "");
Found : user_pref("extensions.Softonic.excTlbr", false);
Found : user_pref("extensions.Softonic.id", "9a65cef7000000000000001e64348cf3");
Found : user_pref("extensions.Softonic.instlDay", "15479");
Found : user_pref("extensions.Softonic.instlRef", "MON00001");
Found : user_pref("extensions.Softonic.prdct", "Softonic");
Found : user_pref("extensions.Softonic.prtnrId", "softonic");
Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Found : user_pref("extensions.Softonic.tlbrId", "base");
Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Found : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Found : user_pref("extensions.Softonic_i.newTab", false);
Found : user_pref("extensions.Softonic_i.smplGrp", "none");
Found : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.011:51:49");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,googlebar@google.com:1.0,{972ce4[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1339484352821");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10657");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "9a65cef7000000000000001e64348cf3");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15503");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15503");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:15:03");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 78067074);
Found : user_pref("extensions.incredibar.prtkHmpg", 1);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6OyEHkzSSo");
Found : user_pref("extensions.incredibar.upn2n", "92261571160651468");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:15:03");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.148:15:03");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10657");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "9a65cef7000000000000001e64348cf3");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15503");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6OyEHkzSSo");
Found : user_pref("extensions.incredibar_i.upn2n", "92261571160651468");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:15:03");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyEHkzSSo&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default-1339507078693 [Profil par défaut]
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18564 octets] - [22/07/2012 21:54:00]

########## EOF - C:\AdwCleaner[R1].txt - [18693 octets] ##########
         

22.07.2012, 21:09   #15
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten" (update now).
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Bericht speichern" (save report) to save the log file to the desktop, and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
