Pests of all kinds and how to fight them: Police Trojan with webcam window - demand to pay €100 (Windows 7)
14.08.2012, 12:43 | #1
Hello, today I caught this police Trojan for the first time as well. Apparently the newer version with the webcam at the top right (operating system: Windows 7, 64-bit). What I have done so far: I switched the laptop off (held down the power button for a long time), then booted it in safe mode and restored the system to its state from about two weeks ago (Windows System Restore). Then I ran a full scan with Malwarebytes. One malicious file was found. I deleted it with Malwarebytes and then restarted the system as requested. The log file is attached. Everything seems to be working without problems. Has the Trojan been removed with that? Regards, frank
14.08.2012, 16:45 | #2
/// Helper team
Custom scan with OTL
Please download OTL by OldTimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
14.08.2012, 19:15 | #3
Many thanks already for the extremely fast help! The OTL log is attached. Regards, frank
OTL EXTRAS logfile:
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin F7D1102 Surf Wireless Micro USB Adapter "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO 
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0FAA369-B0E3-48B8-9447-4873103B0012}" = TOSHIBA ConfigFree "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F631F1BE-00B0-49CF-8DFB-9885975B27CD}" = C6200 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "{FF2609E3-194C-44DB-A34F-20D02103B5F1}" = Bing Bar Platform "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "FreeHideIP" = Free Hide IP "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = 
TOSHIBA Value Added Package "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia PC Suite" = Nokia PC Suite "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "TOSHIBA Game Console" = WildTangent ORB Game Console "VLC media player" = VLC media player 2.0.1 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "Write-N-Cite" = Write-N-Cite "WT088682" = Bejeweled 2 Deluxe "WT088696" = Chuzzle Deluxe "WT088759" = Polar Bowler "WT089367" = Farm Mania 2 "WT089378" = Jewel Quest II "WT089380" = Penguins! "WT089381" = Slingo Supreme "WT089388" = Zuma Deluxe "WT089395" = Plants vs. 
Zombies - Game of the Year "WT089404" = Fishdom ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.07.2012 11:25:11 | Computer Name = Frank-TOSH | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 16.07.2012 01:47:59 | Computer Name = Frank-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TosBtAvAC.exe, Version: 7.10.4820.1, Zeitstempel: 0x4bf4f85a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033242 ID des fehlerhaften Prozesses: 0x1560 Startzeit der fehlerhaften Anwendung: 0x01cd629e3e9ee9b8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: cc1b15c4-cf09-11e1-823e-e68dd184279f Error - 17.07.2012 12:09:05 | Computer Name = Frank-TOSH | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 20.07.2012 02:27:47 | Computer Name = Frank-TOSH | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 24.07.2012 09:13:15 | Computer Name = Frank-TOSH | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 27.07.2012 11:03:15 | Computer Name = Frank-TOSH | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2012 00:35:56 | Computer Name = Frank-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TosBtAvAC.exe, Version: 7.10.4820.1, Zeitstempel: 0x4bf4f85a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033242 ID des fehlerhaften Prozesses: 0x1ad4 Startzeit der fehlerhaften Anwendung: 0x01cd699e3bd0ea3e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b857a260-d86d-11e1-9021-a0bf58cda68b Error - 31.07.2012 14:11:01 | Computer Name = Frank-TOSH | Source = VmbService | ID = 0 Description = conflictManagerTypeValue Error - 31.07.2012 23:48:09 | Computer Name = Frank-TOSH | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TosBtAvAC.exe, Version: 7.10.4820.1, Zeitstempel: 0x4bf4f85a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033242 ID des fehlerhaften Prozesses: 0x1614 Startzeit der fehlerhaften Anwendung: 0x01cd6f47f30169af Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll 
Berichtskennung: b53196b2-db8b-11e1-bcdb-9e2ddef7c593 Error - 01.08.2012 00:19:16 | Computer Name = Frank-TOSH | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 14.08.2012 04:50:22 | Computer Name = Frank-TOSH | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 14.08.2012 04:50:22 | Computer Name = Frank-TOSH | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 14.08.2012 04:51:56 | Computer Name = Frank-TOSH | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 14.08.2012 04:52:13 | Computer Name = Frank-TOSH | Source = DCOM | ID = 10005 Description = Error - 14.08.2012 05:01:50 | Computer Name = Frank-TOSH | Source = DCOM | ID = 10016 Description = Error - 14.08.2012 07:10:46 | Computer Name = Frank-TOSH | Source = DCOM | ID = 10016 Description = Error - 14.08.2012 07:12:00 | Computer Name = Frank-TOSH | Source = bowser | ID = 8003 Description = Error - 14.08.2012 08:54:28 | Computer Name = Frank-TOSH | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?08.?2012 um 14:51:23 unerwartet heruntergefahren. 
Error - 14.08.2012 08:55:32 | Computer Name = Frank-TOSH | Source = bowser | ID = 8003 Description = Error - 14.08.2012 08:55:34 | Computer Name = Frank-TOSH | Source = DCOM | ID = 10016 Description = < End of report > |
14.08.2012, 20:40 | #4 |
/// Helper team | Where is the OTL.txt? |
15.08.2012, 09:14 | #5 |
| The OTL.txt was too large for the attachment... I uploaded it here: hxxp://www.uploadarea.de/files/jicfan7ttt1jl8h59nwmbsnef.txt I hope that works too. I'm really so grateful for the help here |
15.08.2012, 10:55 | #6 |
/// Helper team | Does zipping mean anything to you? Fixing with OTL: download OTL by Oldtimer (if you don't have it yet) and save it to your Desktop (nowhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C43DBF5E-D1A0-4EBD-80BE-C3D9D766BCBD}
IE:64bit: - HKLM\..\SearchScopes\{C43DBF5E-D1A0-4EBD-80BE-C3D9D766BCBD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {053E8DA7-509A-458D-AEF4-C5862F3F30A9}
IE - HKLM\..\SearchScopes\{053E8DA7-509A-458D-AEF4-C5862F3F30A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\..\SearchScopes,DefaultScope = {053E8DA7-509A-458D-AEF4-C5862F3F30A9}
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\..\SearchScopes\{0A38BE73-35C7-4053-AFE1-3E60DE8F25B2}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\..\SearchScopes\{F05E788E-068E-4DDD-9BF9-AB28429D5D7C}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\..\SearchScopes\{FF7D4BD9-77EF-4430-A2E5-5A4F2BAE8467}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=785f9630-2dc5-4287-827f-35a728ae8c0b&apn_sauid=0ED8A062-FABC-4AE0-8EA2-84493A5DDA3C
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3022412598-1715788579-1025777123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.16 15:43:51 | 000,000,044 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{325d50ea-c757-11e1-9e6a-95382ceb7c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{325d50ea-c757-11e1-9e6a-95382ceb7c5c}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{38480749-b85c-11e1-92ff-abc0e7446c49}\Shell - "" = AutoRun
O33 - MountPoints2\{38480749-b85c-11e1-92ff-abc0e7446c49}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48bd6db6-1930-11e1-891c-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{48bd6db6-1930-11e1-891c-00266cb0d4d8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4ec10159-df67-11e0-b3cc-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec10159-df67-11e0-b3cc-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4ec10167-df67-11e0-b3cc-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec10167-df67-11e0-b3cc-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4ec10172-df67-11e0-b3cc-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec10172-df67-11e0-b3cc-00266cb0d4d8}\Shell\AutoRun\command - "" = I:\Install.exe
O33 - MountPoints2\{5312cd71-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cd71-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5312cd73-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cd73-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5312cd93-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cd93-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5312cd99-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cd99-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5312cdc3-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cdc3-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5312cdc8-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cdc8-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5312cde7-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cde7-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5312cdeb-ddd0-11e0-8562-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{5312cdeb-ddd0-11e0-8562-00266cb0d4d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6d4d909e-bdcb-11e1-9e9e-d6bf099ab979}\Shell - "" = AutoRun
O33 - MountPoints2\{6d4d909e-bdcb-11e1-9e9e-d6bf099ab979}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8dc06649-dd30-11e0-a69e-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{8dc06649-dd30-11e0-a69e-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8dc0664e-dd30-11e0-a69e-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{8dc0664e-dd30-11e0-a69e-00266cb0d4d8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8eb74e95-e801-11e0-a425-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{8eb74e95-e801-11e0-a425-00266cb0d4d8}\Shell\AutoRun\command - "" = G:\StartUp.exe -- [2011.02.24 17:45:20 | 000,646,392 | R--- | M] (dtp entertainment AG)
O33 - MountPoints2\{907bd140-b5f2-11e1-94ee-92b89e72a2de}\Shell - "" = AutoRun
O33 - MountPoints2\{907bd140-b5f2-11e1-94ee-92b89e72a2de}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{907bd158-b5f2-11e1-94ee-92b89e72a2de}\Shell - "" = AutoRun
O33 - MountPoints2\{907bd158-b5f2-11e1-94ee-92b89e72a2de}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{907bd20f-b5f2-11e1-94ee-92b89e72a2de}\Shell - "" = AutoRun
O33 - MountPoints2\{907bd20f-b5f2-11e1-94ee-92b89e72a2de}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{907bd213-b5f2-11e1-94ee-92b89e72a2de}\Shell - "" = AutoRun
O33 - MountPoints2\{907bd213-b5f2-11e1-94ee-92b89e72a2de}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{907bd22d-b5f2-11e1-94ee-92b89e72a2de}\Shell - "" = AutoRun
O33 - MountPoints2\{907bd22d-b5f2-11e1-94ee-92b89e72a2de}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9b021c8b-b7e8-11e1-9625-ac310c45d95f}\Shell - "" = AutoRun
O33 - MountPoints2\{9b021c8b-b7e8-11e1-9625-ac310c45d95f}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a928fb69-f88c-11e0-b9eb-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a928fb69-f88c-11e0-b9eb-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a928fb74-f88c-11e0-b9eb-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{a928fb74-f88c-11e0-b9eb-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac629117-b3f7-11e1-b55b-d8b51b84947c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac629117-b3f7-11e1-b55b-d8b51b84947c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac62911a-b3f7-11e1-b55b-d8b51b84947c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac62911a-b3f7-11e1-b55b-d8b51b84947c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d21dbf8b-7d75-11e1-bb82-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{d21dbf8b-7d75-11e1-bb82-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d21dbf99-7d75-11e1-bb82-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{d21dbf99-7d75-11e1-bb82-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e392781d-b705-11e1-b532-4cedde97a17e}\Shell - "" = AutoRun
O33 - MountPoints2\{e392781d-b705-11e1-b532-4cedde97a17e}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e9a6dcab-b887-11e1-8284-4cedde97a17e}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a6dcab-b887-11e1-8284-4cedde97a17e}\Shell\AutoRun\command - "" = H:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6a16d1e-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16d1e-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f6a16d2a-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16d2a-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{f6a16d43-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16d43-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{f6a16d4d-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16d4d-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{f6a16d58-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16d58-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{f6a16f0b-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16f0b-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f6a16f2c-611f-11e1-a5c4-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{f6a16f2c-611f-11e1-a5c4-00266cb0d4d8}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ff84aa88-dec9-11e0-8161-00266cb0d4d8}\Shell - "" = AutoRun
O33 - MountPoints2\{ff84aa88-dec9-11e0-8161-00266cb0d4d8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.08.14 10:48:30 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2011.09.14 10:50:41 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\AVG2012
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\U3\Temp\cleanup.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems! |
27.09.2012, 20:19 | #7 |
/// Helper team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |