|
Plagegeister aller Art und deren Bekämpfung: Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.08.2012, 22:44 | #1 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Hallo, ich wende mich ebenfalls mit der Bitte um Hilfe an Euch! Ich habe mir gestern den Polizei-Virus, mit Webcam-Aktivierung und der Aufforderung 100€ mittels paysafe-card zu bezahlen, eingefangen. Heute habe ich mich hier im Forum schon ein wenig umgesehen, und da eigentlich immer der Scan mittels Malwarebytes Anti-Malware vorgeschlagen wurde und danach der Systemscan mit OTL von Oldtimer, habe ich nach einer Systemwiederherstellung diese zwei Punkte bereits durchgeführt... Falls ich manche Sachen vielleicht nicht richtig poste, oder bei ganz logischen Sachen noch einmal nachfrage, dann seid mir bitte nicht böse - aber ich bin eigentlich nicht sehr bewandt was Computer betrifft.... Hier die Log-Datei von MBAM: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.28.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Steffi2 :: STEFFI2-VAIO [Administrator] Schutz: Aktiviert 28.08.2012 14:22:32 mbam-log-2012-08-28 (14-22-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 274230 Laufzeit: 2 Stunde(n), 18 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\Savings Sidekick\Savings Sidekick-bg.exe (Adware.GamePlayLabs) -> 2864 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\Program Files\Savings Sidekick\Savings Sidekick.dll (Adware.GamePlayLabs) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 22 HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550055505560} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0005060.BHO.1 (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0005060.BHO (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0005060.Sandbox (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0005060.Sandbox.1 (PUP.CrossFire.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Cr_Installer\5060 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 11 C:\Program Files\Savings Sidekick\Savings Sidekick.dll (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Savings Sidekick\Savings Sidekick-bg.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Savings Sidekick\Savings Sidekick.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Savings Sidekick\Uninstall.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_383\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Steffi2\AppData\Local\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Steffi2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Savings Sidekick\Savings Sidekick.dll (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und dann noch die OTL Log-Dateien: OTL.Txt: Code:
ATTFilter OTL logfile created on: 28.08.2012 23:23:15 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Steffi2\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 64,07% Memory free 6,99 Gb Paging File | 5,38 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,50 Gb Total Space | 417,55 Gb Free Space | 92,07% Space Free | Partition Type: NTFS Computer Name: STEFFI2-VAIO | User Name: Steffi2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Steffi2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.exe () MOD - c:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (SOHCImp) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe (Sony Corporation) SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices) DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes,bProtectorDefaultScope = {7A382638-CD04-49D3-93A6-28B3CFEF3EEA} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes,DefaultScope = {7A382638-CD04-49D3-93A6-28B3CFEF3EEA} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{7A382638-CD04-49D3-93A6-28B3CFEF3EEA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{B387E638-5DCA-44AB-80C2-ABFFD14BEB3C}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29898-16445-29/4?mpre=hxxp://shop.ebay.at/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{FC6B614B-F8C0-4478-9D9D-37D71C3C8C48}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012.08.19 15:24:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.19 15:25:20 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.4\PriceGongIE.dll (PriceGong) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Programme\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FC06950-436D-4283-B86F-0A91960F7672}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12BEFC47-8320-4F3C-8A52-73E0CDE689DE}: DhcpNameServer = 192.52.112.29 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\pcperf~1\22580~1.182\{16cdf~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\pcpmngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.28 23:21:18 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi2\Desktop\OTL.exe [2012.08.28 14:20:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Roaming\Malwarebytes [2012.08.28 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 14:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 14:19:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.28 14:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.28 14:16:52 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steffi2\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.19 15:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012.08.19 15:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.08.19 15:26:24 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Local\Conduit [2012.08.19 15:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\appbario8 [2012.08.19 15:25:23 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\Start Menu [2012.08.19 15:25:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.08.19 15:25:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.08.19 15:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Performer Manager [2012.08.19 15:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong [2012.08.19 15:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong [2012.08.19 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings [2012.08.19 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Local\Google [2012.08.19 15:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpecialSavings [2012.08.19 15:24:08 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Local\Savings Sidekick [2012.08.19 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Savings Sidekick [2012.08.19 15:23:00 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE [2012.08.19 15:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research [2012.08.19 12:31:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.19 12:31:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.19 12:31:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.19 12:31:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.19 12:31:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.19 12:31:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.19 12:31:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.19 10:28:08 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.19 10:28:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.19 10:27:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.28 23:25:51 | 000,020,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 23:25:51 | 000,020,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 23:22:41 | 000,699,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.28 23:22:41 | 000,654,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.28 23:22:41 | 000,149,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.28 23:22:41 | 000,122,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.28 23:21:18 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi2\Desktop\OTL.exe [2012.08.28 23:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.28 23:18:00 | 2814,562,304 | -HS- | M] () -- C:\hiberfil.sys [2012.08.28 22:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.28 14:20:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 14:17:13 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steffi2\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.27 19:47:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.19 15:26:51 | 000,000,009 | ---- | M] () -- C:\END [2012.08.19 15:20:57 | 002,270,208 | ---- | M] () -- C:\Users\Steffi2\Desktop\ICE-1.4.4-for-32-bit-Windows.msi [2012.08.19 14:19:57 | 000,290,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.19 11:46:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.19 11:46:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.19 10:18:03 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.28 14:20:08 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.27 19:44:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.19 15:26:51 | 000,000,009 | ---- | C] () -- C:\END [2012.08.19 15:20:46 | 002,270,208 | ---- | C] () -- C:\Users\Steffi2\Desktop\ICE-1.4.4-for-32-bit-Windows.msi [2012.08.19 10:18:03 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.03.22 12:20:58 | 000,287,364 | ---- | C] () -- C:\Windows\System32\s000000.dat [2011.10.12 01:00:35 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.10.12 01:00:34 | 000,699,450 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.10.12 01:00:34 | 000,149,356 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.10.12 01:00:34 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.10.11 15:29:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.04 09:44:44 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.07.04 09:44:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll ========== LOP Check ========== [2012.08.28 23:16:55 | 000,000,000 | ---D | M] -- C:\Users\Steffi2\AppData\Roaming\SoftGrid Client [2011.12.24 23:59:49 | 000,000,000 | ---D | M] -- C:\Users\Steffi2\AppData\Roaming\TP [2012.06.16 13:33:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.08.2012 23:23:15 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Steffi2\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 64,07% Memory free 6,99 Gb Paging File | 5,38 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,50 Gb Total Space | 417,55 Gb Free Space | 92,07% Space Free | Partition Type: NTFS Computer Name: STEFFI2-VAIO | User Name: Steffi2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C4BB492-2B56-4F17-B224-0BB809106A7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2793665F-ACF3-4F33-B224-D1ED42976515}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2B8B35E3-5B06-4E2E-BF8D-08CE2863B3D5}" = rport=138 | protocol=17 | dir=out | app=system | "{3DE90089-0054-4E1B-B747-22DF002A6562}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{5229E0D4-B643-4DBF-9B04-1C4239DD5101}" = lport=139 | protocol=6 | dir=in | app=system | "{61C38703-14E1-4758-9109-B144EDF3CF1E}" = lport=137 | protocol=17 | dir=in | app=system | "{719DAB6C-8DF5-4CD7-9434-9141A59B1023}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B0DFBC3-8101-46A2-8ECA-C8AB9641B947}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9F641856-E508-44EA-B606-B3A59D637A70}" = rport=139 | protocol=6 | dir=out | app=system | "{A0612C54-9E18-456B-AD26-FF54391B77B9}" = rport=445 | protocol=6 | dir=out | app=system | "{ABF66F6B-3B04-404E-ACD3-1F0BC9528C7B}" = rport=137 | protocol=17 | dir=out | app=system | "{B9D2E821-C470-439B-9641-6E329712EACA}" = lport=445 | protocol=6 | dir=in | app=system | "{CDFD7279-DC88-4B5E-B3D9-3C701A831511}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D2387770-CB11-4129-951F-2935572A1820}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F6F1638F-2983-4FF9-9ECE-6399CA4845AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FC63977F-9A35-43F1-AD16-01235138FD57}" = lport=138 | protocol=17 | dir=in | app=system | "{FFF6CE22-9451-4C61-A35E-0D54C8333FAD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{073EABCD-7E9E-4D1C-BCAE-7FDA978C0402}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2F014C7F-2AEC-4D26-A507-46F820C491B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5852A249-4E12-420F-AD85-A4EC6ACC58C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5D015602-D473-4814-A0B2-D9FD8F9B6EC3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{5D2DF3B4-846D-48A5-9A72-E81502C426CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D9D7313-809B-4BE2-A898-05463D72AF55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7372680F-D355-4876-81BF-72946F18718E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8A129D52-35DD-46B3-B82C-6E6111ED7F88}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B52D9239-4906-49C5-AB4C-F887C97E335D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C6CE6841-9163-4B43-BA6D-886ACA1CDC28}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{063CF438-A265-D88D-FA96-02F13D642018}" = CCC Help Japanese "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{0891B708-EF3F-4D7E-9724-265245F46276}" = Windows Live Remote Service Resources "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0C99EF4B-8242-55C8-6BC6-66DB82C0E99D}" = Catalyst Control Center Localization All "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14C9BA5B-09ED-2367-6D15-1847F8564A0A}" = CCC Help French "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager "{1651B6EC-C0CF-E4E6-2ED6-1D38CB60B7DF}" = CCC Help Italian "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17E76DF8-5D02-4C73-B03D-156AD18D3295}" = VAIO Improvement Validation "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources "{1D69D439-D60C-1247-C2A0-B2265AF7B907}" = CCC Help Portuguese "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{201B5096-AF6E-423E-B987-023E040D9B42}" = Windows Live Remote Service Resources "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{244C5A67-39DC-4C6C-BF1B-BCC9D342A4C4}" = Windows Live Remote Client Resources "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{28E541B1-915C-A21A-68B4-46C76A723B49}" = AMD Fuel "{28EE1E92-273D-20FE-211A-5A4D173F7E0E}" = CCC Help Hungarian "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2B3EA5DA-D040-48FB-813F-1CF8C0123698}" = Windows Live Remote Client Resources "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live "{2CC3F1D0-B4FD-DD06-2BF0-9268AF7D9604}" = AMD VISION Engine Control Center "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39889CAB-DE03-B341-CAC0-A6191D3962E1}" = CCC Help Chinese Standard "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86 "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3BC3B1A5-30E3-4DDB-BE08-E7262B838B5F}" = Windows Live Remote Client Resources "{3BFB2388-64EE-4AAA-9235-5FE725FED6DE}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41E4FA4B-9376-4C32-AA46-65FCC0087CD5}" = Windows Live Remote Service Resources "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{437454B4-E8F4-6435-1B98-B23B5402B3D8}" = CCC Help German "{443545C3-E73D-F98A-7682-0804B59ADE53}" = CCC Help Dutch "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{454F5782-A4C3-480E-A629-D435795DEFD8}" = Windows Live Remote Client Resources "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{45CE286B-D094-69F2-FA5D-6A2614C3A5BD}" = CCC Help Swedish "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{49D43C8F-D7A3-78EC-AC96-70076927DE7A}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4AB15610-70BC-195D-EE43-67521381D7F5}" = CCC Help Finnish "{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4CB33CC4-E13B-FB12-5254-AAC82D4A2236}" = CCC Help Chinese Traditional "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti "{4E1FC19F-0460-D618-9EF0-878291B562D2}" = Catalyst Control Center Profiles Mobile "{5008BC55-FD3D-4A32-A1B7-610E18F4D220}" = Windows Live Remote Service Resources "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{578401DB-5B21-FD5D-67EA-F1E271A10527}" = AMD Media Foundation Decoders "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA8EF95-939A-111C-3439-B54A12F68A90}" = Catalyst Control Center Graphics Previews Common "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3 "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2 "{61A5DE19-BE38-45AF-A9BC-73E49703315E}" = Windows Live Remote Service Resources "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6255D9FC-427F-4867-84DB-164DBEA0661F}" = Windows Live Remote Client Resources "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide "{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources "{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{69CEB718-11A6-7757-29F2-3659AA8BB8D7}" = CCC Help Russian "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{6F663FE6-3ED0-4ABF-816C-44744F7ACABA}" = Media Gallery "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{79ACFD18-AD87-480B-88E0-CF74DD9BBA63}" = PMB VAIO Edition Plug-in "{7A143876-9658-4A58-82E7-B5F02D942957}" = Windows Live Remote Client Resources "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{81F81AE6-94F2-A647-747B-4EBC0CE213D9}" = CCC Help Danish "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{82EE333F-45A9-4585-A5D9-31FE16B7FB25}" = Windows Live Remote Service Resources "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{84CD9BCD-38B5-C34A-4A2C-6E26E3DE81BA}" = CCC Help Polish "{84D3CB13-C7EE-4A29-817E-D82697320BF5}" = Windows Live Remote Client Resources "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8604F8AF-08EE-F845-9529-D9997192DD27}" = CCC Help Greek "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87C83A79-608C-6DE0-F042-39C820A072EC}" = Catalyst Control Center InstallProxy "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh "{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931292A9-7DE7-DCB7-0116-A6883373FCFB}" = CCC Help Korean "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97124033-1253-4474-8B25-1AB314A920E6}" = Windows Live Remote Service Resources "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E27F3D4-9BF7-7C5D-E761-054B80B7C812}" = CCC Help English "{9F8E6025-423A-2A9F-3951-71E9BE2A85E7}" = ATI Catalyst Install Manager "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86 "{A4C16B19-10AA-4990-AA87-D14F653E3345}" = Windows Live Remote Client Resources "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{ABF3F2A9-5A4F-8851-05A9-B56E0E3862F7}" = CCC Help Thai "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B0F02BA9-4ED6-4818-B213-4CFDC1844E61}" = Catalyst Control Center - Branding "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B6F55C3E-30EE-4D25-8BAD-CEE4BF8C78EB}" = Windows Live Remote Client Resources "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B7EA9CFF-E16F-7C84-5C3C-50CE04189316}" = CCC Help Spanish "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86 "{BA8D4CEF-D23D-44AB-8A89-66E602253791}" = Windows Live Remote Service Resources "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C30628D8-D3A0-4F23-90F0-F145808087B6}" = Windows Live Remote Client Resources "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C411942C-C26B-4450-8B9A-173DCC22AEC6}" = Windows Live Remote Service Resources "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5BD7D41-6F0A-9222-4DF7-DC5187EC786E}" = ccc-utility "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4 "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD6CB7F1-1B8E-424A-9B81-F8D2F03958EC}" = Windows Live Remote Client Resources "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86 "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources "{D3CAE2CA-BE71-4CA4-9EB9-46E1C82E778B}" = Windows Live Remote Service Resources "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEDF8BAB-98D7-4CFA-9C42-27431EC4BD1F}" = Windows Live Remote Service Resources "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1629C45-9CEF-498E-83CD-D6A09CADA176}" = Windows Live Remote Client Resources "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB50A96F-8205-41CA-995E-73826CCC9F30}" = Windows Live Remote Service Resources "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDB85C39-A68C-6EE2-B711-9ADF2653B574}" = CCC Help Turkish "{EE533B4D-8D00-8841-D11F-CC466FE17F84}" = CCC Help Czech "{EFB0CE72-A5A7-4185-9B9D-0A6F7812BB17}" = Windows Live Remote Client Resources "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "appbario8 Toolbar" = appbario8 Toolbar "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mobile Partner" = Mobile Partner "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PriceGong" = PriceGong 2.6.4 "SpecialSavings" = SpecialSavings "SynTPDeinstKey" = Synaptics Pointing Device Driver "VAIO Help and Support" = "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.06.2012 06:12:50 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 20.06.2012 12:49:32 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 21.06.2012 16:46:45 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 22.06.2012 03:19:47 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 24.06.2012 11:54:54 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 25.06.2012 01:57:00 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 25.06.2012 13:33:11 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 25.06.2012 14:47:47 | Computer Name = Steffi2-VAIO | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 26.06.2012 03:40:59 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = Error - 26.06.2012 17:11:58 | Computer Name = Steffi2-VAIO | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 28.08.2012 08:02:33 | Computer Name = Steffi2-VAIO | Source = DCOM | ID = 10010 Description = Error - 28.08.2012 08:11:31 | Computer Name = Steffi2-VAIO | Source = Microsoft Antimalware | ID = 2004 Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. Signaturversion: 1.133.61.0;1.133.61.0 Modulversion: 1.1.8703.0 Error - 28.08.2012 08:11:56 | Computer Name = Steffi2-VAIO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.08.2012 08:24:35 | Computer Name = Steffi2-VAIO | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: 1.133.517.0 Vorherige Signaturversion: 1.133.61.0 Aktualisierungsquelle: %%815 Aktualisierungsphase: %%854 Quellpfad: Signaturtyp: %%800 Aktualisierungstyp: %%804 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.8601.0 Vorherige Modulversion: 1.1.8703.0 Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Error - 28.08.2012 08:24:35 | Computer Name = Steffi2-VAIO | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: 1.133.517.0 Vorherige Signaturversion: 1.133.61.0 Aktualisierungsquelle: %%815 Aktualisierungsphase: %%854 Quellpfad: Signaturtyp: %%801 Aktualisierungstyp: %%804 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.8601.0 Vorherige Modulversion: 1.1.8703.0 Fehlercode: 0x80070666 Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. Error - 28.08.2012 08:24:54 | Computer Name = Steffi2-VAIO | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.133.61.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8703.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation. Error - 28.08.2012 08:25:07 | Computer Name = Steffi2-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.133.517.0) Error - 28.08.2012 17:17:04 | Computer Name = Steffi2-VAIO | Source = DCOM | ID = 10010 Description = Error - 28.08.2012 17:18:26 | Computer Name = Steffi2-VAIO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.08.2012 17:20:19 | Computer Name = Steffi2-VAIO | Source = bowser | ID = 8003 Description = < End of report > So, ich hoffe das war einigermaßen übersichtlich und verständlich - ich habe mich bemüht....=) Vielen Dank für Eure Mühe, ist ja ein Wahnsinn wenn man da so durchs Forum schaut wieviel ihr hier am helfen seid..... Also würde mich natürlich über eine Antwort freuen, bis dahin mal liebe Grüße, Steffi |
29.08.2012, 03:54 | #2 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführtFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.at/ IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaioportal.sony.eu IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com [binary data] IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/ IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes,bProtectorDefaultScope = {7A382638-CD04-49D3-93A6-28B3CFEF3EEA} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes,DefaultScope = {7A382638-CD04-49D3-93A6-28B3CFEF3EEA} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{7A382638-CD04-49D3-93A6-28B3CFEF3EEA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{B387E638-5DCA-44AB-80C2-ABFFD14BEB3C}: "URL" = http://rover.ebay.com/rover/1/5221-29898-16445-29/4?mpre=http://shop.ebay.at/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\SearchScopes\{FC6B614B-F8C0-4478-9D9D-37D71C3C8C48}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.19 15:25:20 | 000,000,000 | ---D | M] O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Programme\appbario8\prxtbappb.dll (Conduit Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\Shell - "" = AutoRun O33 - MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a [2012.08.19 15:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012.08.19 15:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong [2012.08.27 19:47:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.19 15:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.08.19 15:26:24 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Local\Conduit [2012.08.19 15:26:51 | 000,000,009 | ---- | M] () -- C:\END [2012.08.19 15:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong [2012.08.19 15:24:08 | 000,000,000 | ---D | C] -- C:\Users\Steffi2\AppData\Local\Savings Sidekick [2012.08.19 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Savings Sidekick [2012.08.28 22:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job :Files C:\Users\Steffi2\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Steffi2\AppData\Local\Temp\*.exe C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk %SystemRoot%\System32\*.tmp %SystemRoot%\SysWOW64\*.tmp ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
29.08.2012, 10:50 | #3 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Super...dankeschön!!!!
__________________Hier nun das neue Logfile: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0cc09160-108c-4759-bab1-5c12c216e005} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ deleted successfully. C:\Programme\appbario8\prxtbappb.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully! HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0cc09160-108c-4759-bab1-5c12c216e005} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ deleted successfully. File C:\Programme\appbario8\prxtbappb.dll not found. HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7A382638-CD04-49D3-93A6-28B3CFEF3EEA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A382638-CD04-49D3-93A6-28B3CFEF3EEA}\ not found. Registry key HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B387E638-5DCA-44AB-80C2-ABFFD14BEB3C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B387E638-5DCA-44AB-80C2-ABFFD14BEB3C}\ not found. Registry key HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FC6B614B-F8C0-4478-9D9D-37D71C3C8C48}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC6B614B-F8C0-4478-9D9D-37D71C3C8C48}\ not found. HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found. C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully. C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully. C:\ProgramData\PC Performer Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ deleted successfully. File C:\Programme\appbario8\prxtbappb.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found. Registry value HKEY_USERS\S-1-5-21-2221601324-2731082479-1097585904-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0CC09160-108C-4759-BAB1-5C12C216E005} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005}\ deleted successfully. File C:\Programme\appbario8\prxtbappb.dll not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bd8af84-427b-11e1-8669-60d819f0cf4b}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bd8af95-427b-11e1-8669-60d819f0cf4b}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b869acd1-75f5-11e1-9354-60d819f0cf4b}\ not found. File E:\LaunchU3.exe -a not found. C:\ProgramData\IBUpdaterService folder moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong folder moved successfully. C:\ProgramData\ism_0_llatsni.pad moved successfully. C:\Program Files\Conduit\Community Alerts folder moved successfully. C:\Program Files\Conduit folder moved successfully. C:\Users\Steffi2\AppData\Local\Conduit\CT3227982 folder moved successfully. C:\Users\Steffi2\AppData\Local\Conduit folder moved successfully. C:\END moved successfully. C:\Program Files\PriceGong\2.6.4\FF\components folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF\chrome\skin folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF\chrome\locale\en-US folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF\chrome\locale folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF\chrome\content folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF\chrome folder moved successfully. C:\Program Files\PriceGong\2.6.4\FF folder moved successfully. C:\Program Files\PriceGong\2.6.4 folder moved successfully. C:\Program Files\PriceGong folder moved successfully. C:\Users\Steffi2\AppData\Local\Savings Sidekick\Chrome folder moved successfully. C:\Users\Steffi2\AppData\Local\Savings Sidekick folder moved successfully. C:\Program Files\Savings Sidekick folder moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. ========== FILES ========== File\Folder C:\Users\Steffi2\AppData\Local\{*} not found. File\Folder C:\ProgramData\*.exe not found. C:\ProgramData\TEMP folder moved successfully. C:\Users\Steffi2\AppData\Local\Temp\DataCard_Setup.exe moved successfully. C:\Users\Steffi2\AppData\Local\Temp\ResetDevice.exe moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Steffi2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Steffi2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. File/Folder C:\Windows\System32\*.tmp not found. File/Folder C:\Windows\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Steffi2\Desktop\cmd.bat deleted successfully. C:\Users\Steffi2\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Steffi2 ->Temp folder emptied: 35460058 bytes ->Temporary Internet Files folder emptied: 485368046 bytes ->Flash cache emptied: 80179 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 25253472 bytes RecycleBin emptied: 59605 bytes Total Files Cleaned = 521,00 mb OTL by OldTimer - Version 3.2.59.1 log created on 08292012_113512 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found. |
29.08.2012, 19:38 | #4 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
30.08.2012, 02:03 | #5 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Super....so weit ich das beurteilen kann läuft alles ganz normal... Die neue Logfile von MBAM - es wurden schon mal keine infzierten Objekte gefunden: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.29.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Steffi2 :: STEFFI2-VAIO [Administrator] Schutz: Aktiviert 29.08.2012 21:40:44 mbam-log-2012-08-29 (21-40-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 269124 Laufzeit: 1 Stunde(n), 33 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Und die Datei die mir AdwCleaner ausgespuckt hat: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/30/2012 at 02:55:15 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Steffi2 - STEFFI2-VAIO # Boot Mode : Normal # Running from : C:\Users\Steffi2\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Steffi2\AppData\LocalLow\appbario8 Folder Found : C:\Users\Steffi2\AppData\LocalLow\Conduit Folder Found : C:\Users\Steffi2\AppData\LocalLow\PriceGong Folder Found : C:\ProgramData\pc performer manager Folder Found : C:\Program Files\appbario8 ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\bProtector Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\appbario8 Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1 Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3B4407B-B40A-4B02-8355-6A90DDF0E9F0} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB49EED7-70F3-46BC-811C-E38F027AF5EA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CC09160-108C-4759-BAB1-5C12C216E005} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [3781 octets] - [30/08/2012 02:55:15] ########## EOF - C:\AdwCleaner[R1].txt - [3909 octets] ########## |
30.08.2012, 18:49 | #6 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt |
31.08.2012, 13:13 | #7 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Super...also wie gesagt ich kenn mich ja nicht so aus...aber ich glaube mittlerweile schaut`s echt nicht schlecht aus...=) Vielen Dank... Die neue Logdatei von AdwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/31/2012 at 11:38:04 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Steffi2 - STEFFI2-VAIO # Boot Mode : Normal # Running from : C:\Users\Steffi2\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Steffi2\AppData\LocalLow\appbario8 Folder Deleted : C:\Users\Steffi2\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Steffi2\AppData\LocalLow\PriceGong Deleted on reboot : C:\ProgramData\pc performer manager Folder Deleted : C:\Program Files\appbario8 ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\bProtector Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\appbario8 Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\appbario8 Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3B4407B-B40A-4B02-8355-6A90DDF0E9F0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB49EED7-70F3-46BC-811C-E38F027AF5EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17FBAC21-3A8E-43BD-AB17-F02E52037EDB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CC09160-108C-4759-BAB1-5C12C216E005} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0CC09160-108C-4759-BAB1-5C12C216E005}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[R1].txt - [3910 octets] - [30/08/2012 02:55:15] AdwCleaner[S1].txt - [3777 octets] - [31/08/2012 11:38:04] ########## EOF - C:\AdwCleaner[S1].txt - [3905 octets] ########## Und die Logdatei von Emsisoft Anti-Malware: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 31.08.2012 13:15:21 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, Q:\ Archiv Scan: An ADS Scan: An Scan Beginn: 31.08.2012 13:17:40 Gescannt 533633 Gefunden 0 Scan Ende: 31.08.2012 13:53:23 Scan Zeit: 0:35:43 |
31.08.2012, 20:05 | #8 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
01.09.2012, 14:50 | #9 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Super....auch hier siehts meiner Meinung nach ganz gut aus....=) Logfile von ESET Online Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=5e4800c6e729ee409b52d795d417df3c # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-01 01:29:17 # local_time=2012-09-01 03:29:17 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 85 28120391 98125583 0 0 # compatibility_mode=8192 67108863 100 0 302 302 0 0 # scanned=149269 # found=0 # cleaned=0 # scan_time=11765 |
02.09.2012, 05:29 | #10 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
02.09.2012, 08:27 | #11 |
| Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt ok...danke....ich hoffe ich hab das richtig gemacht.....also: einmal mit aktuellem Java-Update Code:
ATTFilter PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Internet Explorer 9.0 ist aktuell Flash 11,3,300,271 ist veraltet! Aktualisieren Sie bitte auf die neueste Version! Java (1,7,0,7) ist aktuell. Adobe Reader 10,1,0,0 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 10,1,3 Code:
ATTFilter PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Internet Explorer 9.0 ist aktuell Flash 11,3,300,271 ist veraltet! Aktualisieren Sie bitte auf die neueste Version! Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,0,0 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 10,1,3 |
02.09.2012, 08:54 | #12 |
/// Helfer-Team | Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
Themen zu Polizei Virus Österreich, mit Webcam - MBAM - Scan bereits ausgeführt |
adware.gameplaylab, adware.gameplaylabs, autorun, bingbar, branding, browser, error, firefox, iexplore.exe, install.exe, installation, log-datei, microsoft office starter 2010, pc performer, performer, plug-in, polizei-virus, pup.bundleinstaller.ib, pup.crossfire.gen, pup.crossfire.sa, pup.gameplaylab, realtek, rundll, savings, savings sidekick, scan, sidekick, softonic, software, svchost.exe, taskhost.exe, trojan.ransom.gen, usb 2.0, virus |