Log analysis and evaluation: Bundespolizei trojan via the Telekom start page? (Windows 7)
05.08.2012, 19:01 | #1 |
On 30 July my wife read a report about white skin cancer on the T-Online start page. After that the screen was locked by the Bundespolizei trojan. I got the computer running again via safe mode etc. But a basic question: we had Microsoft Security Essentials installed, and my wife says she did not open any email. Is it possible that we caught the trojan via the T-Online page? I now have Norton installed and it no longer reports anything (nor do the programs recommended on this site).
06.08.2012, 03:04 | #2 |
/// Helper team | Sure, it is possible (even if unlikely). The hole will probably still be there.
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
07.08.2012, 21:19 | #3 |
Here is the malware analysis:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-VAIO [Administrator]

Schutz: Deaktiviert

07.08.2012 19:45:42
mbam-log-2012-08-07 (19-45-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|L:\|O:\|Q:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 652547
Laufzeit: 2 Stunde(n), 20 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And here is the OTL analysis (OTL logfile):
---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: add to &BOM - S:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: add to &BOM - S:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AA7092-BF93-402F-B6CE-638B5C69334B}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.04 03:27:16 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ] O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} [2012.08.07 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications [2012.08.07 20:39:01 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop\Rescue [2012.08.07 19:45:03 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.07 19:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.07 19:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.07 19:28:22 | 
000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ED8196B0-94B0-46F3-85C6-94655625411E} [2012.08.07 19:28:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3FB67EF2-8D35-4346-8AB0-7BFE2F9D4CED} [2012.08.06 15:04:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.08.06 14:42:57 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.08.06 14:34:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.08.06 14:34:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.08.06 14:34:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.08.06 14:34:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.06 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.08.05 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.08.05 12:42:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{70390762-85B3-48C1-84CB-81FF57694A9C} [2012.08.05 12:42:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{719C9AEB-AFD5-4C89-85EE-6DDBB9514B5A} [2012.08.05 12:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012.08.05 11:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.05 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F44C43A-96C0-43E5-8AA3-10B2856B0E68} [2012.08.05 11:00:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C415DF1A-6A3B-45EE-91C6-03CB400789E5} [2012.08.04 22:58:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NPE [2012.08.04 20:31:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AFBBEBF8-EB72-4D55-A3E8-1286056D868B} [2012.08.04 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{627E7519-17EC-45FF-A50C-2E789041E0C8} [2012.08.04 20:12:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.08.04 20:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 19:37:17 | 000,000,000 | ---D | C] -- 
C:\Users\Admin\AppData\Local\{12D70706-9940-4539-AA20-8D186550A0C6} [2012.08.04 19:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{432E229A-DF5C-43FF-B70A-7887363CBB60} [2012.08.03 20:25:48 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys [2012.08.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BEBD45D4-EA85-483A-A5D7-5B151AF21D06} [2012.08.03 19:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AD6C75C4-0829-479A-A300-8D0C92EF1D3C} [2012.08.03 19:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.08.03 19:01:52 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys [2012.08.03 19:01:52 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys [2012.08.03 19:01:52 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys [2012.08.03 19:01:52 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys [2012.08.03 19:01:52 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys [2012.08.03 19:01:52 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys [2012.08.03 19:01:52 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys [2012.08.03 19:01:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1307010.005 [2012.08.03 19:00:04 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.03 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.08.03 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.08.03 18:59:35 | 000,000,000 | 
---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012.08.03 18:59:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012.08.03 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.08.03 18:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.08.03 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.08.03 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.08.02 22:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.02 22:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.02 22:20:02 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.02 21:56:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5C85A346-4F39-40B4-A16F-FA5F6CAB2C29} [2012.08.02 21:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{974AB646-1B75-4BD7-AC7B-F45854D1A464} [2012.08.02 21:54:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.08.01 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DDB80A22-A82D-407C-B334-17A564A1183F} [2012.08.01 16:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{56C57F48-C67B-4BE4-AAE4-F37FE0990158} [2012.08.01 12:20:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F28A4995-A961-4880-A660-173FBBC5402C} [2012.08.01 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1249E4E9-65E7-49D7-9C10-72797FE277B1} [2012.08.01 11:15:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{36C1A40A-E2AB-4CE2-80AD-01E6B025F7D1} [2012.07.31 23:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2012.07.31 23:59:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\SkyDrive [2012.07.31 23:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive 
[2012.07.31 20:54:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Downloaded Installations [2012.07.31 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus [2012.07.31 20:41:30 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.07.31 20:41:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.07.31 20:41:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.31 20:39:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0332064-6371-453E-839A-82704B43AD76} [2012.07.31 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BC30AF47-8EBF-4B3E-ADDE-83627074BEC8} [2012.07.31 20:08:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore [2012.07.31 19:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.07.31 19:09:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Simply Super Software [2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Simply Super Software [2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.07.31 18:32:13 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.07.31 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.07.31 17:36:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{01CBCD7B-2E02-4656-B98D-04443BDF9D1F} [2012.07.31 17:36:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77C36703-90FE-47AF-8725-85F22323607B} [2012.07.31 17:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\kgnmfdbppprcnfq [2012.07.30 16:22:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3FB48E93-6E3F-49C5-873D-11A631089842} [2012.07.30 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F56E156A-BCA9-496E-9AF0-80B41692727D} [2012.07.29 20:31:14 
| 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7630988E-A76E-404B-98A2-56C5770E642C} [2012.07.29 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0D253B24-5745-463E-8DA9-ABF27C6C070C} [2012.07.29 14:19:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{362FC6CD-77B7-4AA3-9F4F-655C9B14C948} [2012.07.27 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BAF36B0-77E7-4024-9D0F-2842C12D7DF8} [2012.07.27 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{526AAE2F-941A-4107-9D78-F908C7C01F68} [2012.07.19 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B95B3B3-4B03-4E61-9F61-C457C1D98079} [2012.07.19 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{762D168E-9B0C-45A8-A2A8-EC4C15CE843F} [2012.07.18 20:29:56 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS [2012.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.18 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly [2012.07.18 09:30:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4892FB17-C77C-4C99-830A-391D9284240B} [2012.07.18 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E0921C32-B0DA-4A4B-9D0B-82DABD564FD1} [2012.07.16 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00F2B1AE-CCBA-435D-A42D-142AAC8A268C} [2012.07.16 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{41FA7EC8-1BE1-4EA5-AE41-A12DBEFE3C93} [2012.07.14 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A435EDB1-7A93-492D-86F3-290E0401F331} [2012.07.14 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BC2FABAF-2A55-4E13-B815-4DD52D53207F} [2012.07.13 20:46:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A0E6F7B3-D99C-4C68-A664-0088E00A2150} [2012.07.13 19:41:57 | 
000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8C0F6B43-CCD3-48A4-BFFB-C57496F1F22E} [2012.07.13 19:41:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F4339A7-06AC-43DA-8441-3A8005A152B1} [2012.07.12 22:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2012.07.12 22:15:07 | 000,041,024 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys [2012.07.12 22:14:46 | 000,019,008 | ---- | C] (T-Systems Enterprise Services GmbH) -- C:\Windows\SysNative\drivers\dslmnlwf.sys [2012.07.12 22:05:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD74F8E3-1A8C-493E-A5C7-CA9402208E33} [2012.07.12 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BF88ADAA-ACCB-46ED-AB65-2CF49C4FDC4E} [2012.07.11 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0B6C152-30C1-4B93-93A2-85615BF08611} [2012.07.11 11:36:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AED18F1B-70D7-4EF1-838D-B818AAF7CC5E} [2012.07.10 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1AC76FFA-047F-49A0-A068-E20BAAC825D2} [2012.07.10 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0C08877F-6122-415B-BDEC-AF565A374B47} [2012.07.10 21:59:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.10 21:59:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.10 21:59:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.10 21:59:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.10 21:59:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.10 21:59:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.10 21:59:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieUnatt.exe [2012.07.10 21:59:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.10 21:59:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.10 21:59:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.10 21:59:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.10 21:59:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.10 21:59:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.10 21:58:15 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.10 21:58:15 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.10 21:58:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.10 21:58:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.10 21:58:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.07 21:57:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 21:22:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.07 19:33:19 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 19:33:19 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 19:26:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.07 19:25:45 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 19:25:40 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys [2012.08.06 14:40:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.08.06 14:33:57 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.06 14:33:57 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.06 14:33:57 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.06 14:33:57 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.06 14:33:57 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.05 10:41:25 | 000,688,850 | ---- | M] () -- C:\test.xml [2012.08.03 20:25:46 | 001,697,677 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB [2012.08.03 19:21:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 19:21:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.03 19:02:01 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034 [2012.08.03 19:00:04 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.03 19:00:04 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.03 19:00:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.03 18:58:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.08.02 22:19:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.02 22:19:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.18 20:30:15 | 000,000,074 | -H-- | M] () -- C:\splash.idx [2012.07.15 11:44:05 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.10 22:05:54 | 000,339,688 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.07 19:45:04 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.06 14:34:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.06 14:34:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.06 14:34:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.08.06 14:34:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.06 14:34:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.08.03 19:03:12 | 001,697,677 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB [2012.08.03 19:02:33 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034 [2012.08.03 19:01:52 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.cat [2012.08.03 19:01:52 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.cat [2012.08.03 19:01:52 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.cat [2012.08.03 19:01:52 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.cat [2012.08.03 19:01:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet64.cat [2012.08.03 19:01:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.cat [2012.08.03 19:01:52 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.cat [2012.08.03 19:01:52 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa.inf [2012.08.03 19:01:52 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds.inf [2012.08.03 19:01:52 | 000,001,441 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet.inf [2012.08.03 19:01:52 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.inf [2012.08.03 19:01:52 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.inf [2012.08.03 19:01:52 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.inf [2012.08.03 19:01:52 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.inf [2012.08.03 19:01:47 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\isolate.ini [2012.08.03 19:00:04 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.03 19:00:04 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.07.07 10:42:38 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.03.26 21:14:22 | 088,037,102 | ---- | C] () -- C:\Users\Admin\Fotobuch_NEU.cpr [2012.02.15 21:26:10 | 000,018,751 | ---- | C] () -- C:\Users\Admin\ESt2011_Bohlender_Oliver_und_Katrin.elfo [2012.01.11 17:10:56 | 000,002,048 | -HS- | C] () -- C:\Users\Admin\AppData\Local\{df2b8479-42c0-3a35-8d9f-5097004778d7}\@ [2011.11.18 21:36:48 | 000,095,929 | ---- | C] () -- C:\Users\Admin\ESt2010_Löwer_Manfred.elfo [2011.11.17 21:25:34 | 000,006,656 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.07 19:36:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.03 21:21:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns [2011.11.03 21:21:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns [2011.09.03 14:55:47 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.08.22 21:54:05 | 000,000,128 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Default.PLS 
[2011.08.22 21:52:55 | 000,000,917 | ---- | C] () -- C:\Windows\SysWow64\CLWatson.ini [2011.08.22 21:37:10 | 000,001,024 | ---- | C] () -- C:\Users\Admin\.rnd [2011.08.20 23:14:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.08.13 00:25:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.02 10:10:35 | 000,341,504 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll [2011.03.08 02:53:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.02.11 01:03:27 | 001,644,062 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.07.31 22:47:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus [2012.01.18 21:47:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon [2011.09.04 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Auslogics [2012.07.31 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM [2011.12.21 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Broad Intelligence [2011.10.11 21:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2011.11.17 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service GmbH [2012.02.02 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2011.10.11 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DataDesign [2012.04.08 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2012.04.08 21:55:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.16 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular [2012.01.01 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter [2012.07.31 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2012.03.02 21:50:02 | 
000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Petroglyph [2012.07.16 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Quest3D [2012.07.31 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Simply Super Software [2012.08.07 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2011.08.17 21:44:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Stellarium [2012.07.18 12:29:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly [2011.08.14 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2011.08.13 00:56:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2011.08.18 23:08:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2012.08.07 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} [2012.07.31 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Katrin Bohlender\AppData\Roaming\Ad-Aware Antivirus [2012.08.05 09:21:54 | 000,000,000 | ---D | M] -- C:\Users\Katrin Bohlender\AppData\Roaming\TuneUp Software [2012.07.31 20:23:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 888 bytes -> C:\Users\Admin\Documents\Liebe Grüße von den drei Bohlenders.eml:OECustomProperty @Alternate Data Stream - 769 bytes -> C:\Users\Admin\Documents\Order Process.eml:OECustomProperty @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
07.08.2012, 23:37 | #4 |
/// Helper team | Bundespolizei trojan via the Telekom start page? Why was Combofix run on this computer? Fixing with OTL: Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{0D32BB32-FAC8-4FAB-9D91-D731E1E360ED}: "URL" = http://de.shopping.com/?linkin_id=8056363 IE - 
HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{1C50681D-D0D1-4AE6-80B3-155EBE051CA0}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms} IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_de IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{A19FFAC4-9B04-4D82-8B5D-60FCE80BD614}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19 IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8n1RX6lb&i=26 IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\SearchScopes\{E7D7061E-71BE-4A72-BD0D-C9685E35050B}: "URL" = http://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110833,17131,0,18,0 IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "Searchqu Web Search" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: 
"www.t-online.de" FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8n1RX6lb&&i=26&search=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.31 20:21:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.31 20:21:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.03 19:00:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.07 19:26:22 | 000,000,000 | ---D | M] [2012.08.07 19:26:22 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN CHR - homepage: http://www.searchqu.com/413 O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2315673442-75662965-3545331599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - D:\autorun.inf -- [ CDFS ] [2012.07.31 19:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.07.31 17:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\kgnmfdbppprcnfq @Alternate Data Stream - 888 bytes -> C:\Users\Admin\Documents\Liebe Grüße von den drei Bohlenders.eml:OECustomProperty @Alternate Data Stream - 769 bytes -> C:\Users\Admin\Documents\Order Process.eml:OECustomProperty @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 [2012.01.01 22:52:31 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012.03.16 22:17:40 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\info@bflix.info [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] 
() -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [2012.08.07 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} [2012.08.06 14:34:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.07 21:57:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.07 21:22:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.01.11 17:10:56 | 000,002,048 | -HS- | C] () -- C:\Users\Admin\AppData\Local\{df2b8479-42c0-3a35-8d9f-5097004778d7}\@ :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Under no circumstances apply it to other computers; doing so can cause lasting damage to other systems! |
08.08.2012, 07:30 | #5 |
| Bundespolizei trojan via the Telekom start page? Combofix was run by the computer specialist next door (the company PC Profi). I had taken the computer there so that they could have a look at it as well. They did not find anything. The OTL on the desktop, with Norton switched on: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.08.2012 08:45:02 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,14% Memory free 15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 293,05 Gb Total Space | 211,55 Gb Free Space | 72,19% Space Free | Partition Type: NTFS Drive D: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 27,54 Gb Total Space | 1,36 Gb Free Space | 4,94% Space Free | Partition Type: NTFS Drive F: | 73,24 Gb Total Space | 33,16 Gb Free Space | 45,28% Space Free | Partition Type: NTFS Drive G: | 14,65 Gb Total Space | 12,01 Gb Free Space | 81,98% Space Free | Partition Type: NTFS Drive L: | 73,24 Gb Total Space | 72,35 Gb Free Space | 98,78% Space Free | Partition Type: NTFS Drive O: | 6,63 Gb Total Space | 1,12 Gb Free Space | 16,82% Space Free | Partition Type: NTFS Drive S: | 90,13 Gb Total Space | 9,55 Gb Free Space | 10,59% Space Free | Partition Type: NTFS Computer Name: ADMIN-VAIO | User Name: Admin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - S:\Program Files (x86)\TV Enhance\Kernel\TV\TVESched.exe () PRC - S:\Program Files (x86)\TV Enhance\Kernel\TV\TVECapSvc.exe () PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) 
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (TVESched) -- S:\Program Files (x86)\TV Enhance\Kernel\TV\TVESched.exe () SRV - (TVECapSvc) -- S:\Program Files (x86)\TV Enhance\Kernel\TV\TVECapSvc.exe () SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys (Symantec Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft 
Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys (Symantec Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsnxc64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas 
Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) 
DRV:64bit: - (camdrv42) -- C:\Windows\SysNative\drivers\camdrv42.sys () DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV:64bit: - (6077757b) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120807.018\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120807.018\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120807.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120803.001\BHDrvx64.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0D32BB32-FAC8-4FAB-9D91-D731E1E360ED}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{1C50681D-D0D1-4AE6-80B3-155EBE051CA0}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_deDE444
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A19FFAC4-9B04-4D82-8B5D-60FCE80BD614}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8n1RX6lb&i=26
IE - HKCU\..\SearchScopes\{E7D7061E-71BE-4A72-BD0D-C9685E35050B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110833,17131,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8n1RX6lb&&i=26&search="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.31 20:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.31 20:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.03 19:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.08 08:23:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 20:27:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF
[2012.08.07 16:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.08.07 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions
[2012.01.01 22:52:31 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.04.01 11:28:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.26 09:54:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\ich@maltegoetz.de
[2012.03.16 22:17:40 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\info@bflix.info
[2012.03.16 22:17:32 | 000,002,203 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\MyStart Search.xml
[2012.01.01 22:52:28 | 000,002,520 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\SearchResults.xml
[2012.08.07 16:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.31 20:41:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.31 20:21:27 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.08.08 08:23:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN
[2012.08.07 23:03:19 | 000,741,958 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5GG5J44K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.01 22:52:28 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - homepage: Search
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Search
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\

O1 HOSTS File: ([2012.08.06 14:40:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: add to &BOM - S:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: add to &BOM - S:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AA7092-BF93-402F-B6CE-638B5C69334B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.04 03:27:16 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.09.20 09:59:24 | 000,000,062 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.08.07 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2012.08.07 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2012.08.07 20:39:01 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop\Rescue
[2012.08.07 19:28:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ED8196B0-94B0-46F3-85C6-94655625411E}
[2012.08.07 19:28:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3FB67EF2-8D35-4346-8AB0-7BFE2F9D4CED}
[2012.08.06 15:04:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.08.06 14:42:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.06 14:34:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.08.06 14:34:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.08.06 14:34:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.08.06 14:34:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.06 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.05 19:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.08.05 12:42:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{70390762-85B3-48C1-84CB-81FF57694A9C}
[2012.08.05 12:42:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{719C9AEB-AFD5-4C89-85EE-6DDBB9514B5A}
[2012.08.05 12:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.08.05 11:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.05 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F44C43A-96C0-43E5-8AA3-10B2856B0E68}
[2012.08.05 11:00:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C415DF1A-6A3B-45EE-91C6-03CB400789E5}
[2012.08.04 22:58:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NPE
[2012.08.04 20:31:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AFBBEBF8-EB72-4D55-A3E8-1286056D868B}
[2012.08.04 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{627E7519-17EC-45FF-A50C-2E789041E0C8}
[2012.08.04 20:12:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.08.04 20:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.04 19:37:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{12D70706-9940-4539-AA20-8D186550A0C6}
[2012.08.04 19:37:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{432E229A-DF5C-43FF-B70A-7887363CBB60}
[2012.08.03 20:25:48 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2012.08.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BEBD45D4-EA85-483A-A5D7-5B151AF21D06}
[2012.08.03 19:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AD6C75C4-0829-479A-A300-8D0C92EF1D3C}
[2012.08.03 19:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.08.03 19:01:52 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys
[2012.08.03 19:01:52 | 000,737,912 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys
[2012.08.03 19:01:52 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys
[2012.08.03 19:01:52 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys
[2012.08.03 19:01:52 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys
[2012.08.03 19:01:52 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys
[2012.08.03 19:01:52 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys
[2012.08.03 19:01:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1307010.005
[2012.08.03 19:00:04 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.08.03 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.08.03 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.08.03 18:59:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012.08.03 18:59:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.08.03 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012.08.03 18:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.03 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.08.03 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.08.02 22:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.02 22:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.02 22:20:02 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.02 21:56:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5C85A346-4F39-40B4-A16F-FA5F6CAB2C29}
[2012.08.02 21:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{974AB646-1B75-4BD7-AC7B-F45854D1A464}
[2012.08.02 21:54:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.08.01 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DDB80A22-A82D-407C-B334-17A564A1183F}
[2012.08.01 16:17:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{56C57F48-C67B-4BE4-AAE4-F37FE0990158}
[2012.08.01 12:20:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F28A4995-A961-4880-A660-173FBBC5402C}
[2012.08.01 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1249E4E9-65E7-49D7-9C10-72797FE277B1}
[2012.08.01 11:15:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{36C1A40A-E2AB-4CE2-80AD-01E6B025F7D1}
[2012.07.31 23:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.07.31 23:59:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\SkyDrive
[2012.07.31 23:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.07.31 20:54:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Downloaded Installations
[2012.07.31 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus
[2012.07.31 20:41:30 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.07.31 20:41:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.31 20:41:30 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.31 20:39:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0332064-6371-453E-839A-82704B43AD76}
[2012.07.31 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BC30AF47-8EBF-4B3E-ADDE-83627074BEC8}
[2012.07.31 20:08:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012.07.31 19:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.07.31 19:09:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Simply Super Software
[2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Simply Super Software
[2012.07.31 19:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.31 18:32:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.07.31 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012.07.31 17:36:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{01CBCD7B-2E02-4656-B98D-04443BDF9D1F}
[2012.07.31 17:36:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77C36703-90FE-47AF-8725-85F22323607B}
[2012.07.31 17:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\kgnmfdbppprcnfq
[2012.07.30 16:22:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3FB48E93-6E3F-49C5-873D-11A631089842}
[2012.07.30 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F56E156A-BCA9-496E-9AF0-80B41692727D}
[2012.07.29 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7630988E-A76E-404B-98A2-56C5770E642C}
[2012.07.29 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0D253B24-5745-463E-8DA9-ABF27C6C070C}
[2012.07.29 14:19:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{362FC6CD-77B7-4AA3-9F4F-655C9B14C948}
[2012.07.27 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BAF36B0-77E7-4024-9D0F-2842C12D7DF8}
[2012.07.27 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{526AAE2F-941A-4107-9D78-F908C7C01F68}
[2012.07.19 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B95B3B3-4B03-4E61-9F61-C457C1D98079}
[2012.07.19 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{762D168E-9B0C-45A8-A2A8-EC4C15CE843F}
[2012.07.18 20:29:56 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS
[2012.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.18 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly
[2012.07.18 09:30:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4892FB17-C77C-4C99-830A-391D9284240B}
[2012.07.18 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E0921C32-B0DA-4A4B-9D0B-82DABD564FD1}
[2012.07.16 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00F2B1AE-CCBA-435D-A42D-142AAC8A268C}
[2012.07.16 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{41FA7EC8-1BE1-4EA5-AE41-A12DBEFE3C93}
[2012.07.14 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A435EDB1-7A93-492D-86F3-290E0401F331}
[2012.07.14 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BC2FABAF-2A55-4E13-B815-4DD52D53207F}
[2012.07.13 20:46:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A0E6F7B3-D99C-4C68-A664-0088E00A2150}
[2012.07.13 19:41:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8C0F6B43-CCD3-48A4-BFFB-C57496F1F22E}
[2012.07.13 19:41:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F4339A7-06AC-43DA-8441-3A8005A152B1}
[2012.07.12 22:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online
[2012.07.12 22:15:07 | 000,041,024 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys
[2012.07.12 22:14:46 | 000,019,008 | ---- | C] (T-Systems Enterprise Services GmbH) -- C:\Windows\SysNative\drivers\dslmnlwf.sys
[2012.07.12 22:05:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD74F8E3-1A8C-493E-A5C7-CA9402208E33}
[2012.07.12 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BF88ADAA-ACCB-46ED-AB65-2CF49C4FDC4E}
[2012.07.11 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0B6C152-30C1-4B93-93A2-85615BF08611}
[2012.07.11 11:36:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AED18F1B-70D7-4EF1-838D-B818AAF7CC5E}
[2012.07.10 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1AC76FFA-047F-49A0-A068-E20BAAC825D2}
[2012.07.10 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0C08877F-6122-415B-BDEC-AF565A374B47}
[2012.07.10 21:59:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.10 21:59:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.10 21:59:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.10 21:59:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.10 21:59:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.10 21:59:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.10 21:59:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.10 21:59:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.10 21:59:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.10 21:59:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.10 21:59:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.10 21:59:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.10 21:59:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.10 21:58:15 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 21:58:15 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.10 21:58:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.10 21:58:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.10 21:58:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.08.08 08:30:14 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 08:30:14 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 08:24:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 08:22:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 08:22:08 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.07 23:57:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 23:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 14:40:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.06 14:33:57 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 14:33:57 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 14:33:57 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.06 14:33:57 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.06 14:33:57 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.05 10:41:25 | 000,688,850 | ---- | M] () -- C:\test.xml [2012.08.03 20:25:46 | 001,697,677 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB [2012.08.03 19:21:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 19:21:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.03 19:02:01 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034 [2012.08.03 19:00:04 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.03 19:00:04 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.03 19:00:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.03 18:58:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.08.02 22:19:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.02 22:19:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.18 20:30:15 | 000,000,074 | -H-- | M] () -- C:\splash.idx [2012.07.15 11:44:05 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.10 22:05:54 | 000,339,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Admin\*.tmp files -> C:\Users\Admin\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.06 14:34:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.06 14:34:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.06 14:34:26 | 000,098,816 | ---- | C] () -- 
C:\Windows\sed.exe [2012.08.06 14:34:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.06 14:34:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.08.03 19:03:12 | 001,697,677 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\Cat.DB [2012.08.03 19:02:33 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\VT20120410.034 [2012.08.03 19:01:52 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.cat [2012.08.03 19:01:52 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.cat [2012.08.03 19:01:52 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.cat [2012.08.03 19:01:52 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.cat [2012.08.03 19:01:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet64.cat [2012.08.03 19:01:52 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.cat [2012.08.03 19:01:52 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.cat [2012.08.03 19:01:52 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa.inf [2012.08.03 19:01:52 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds.inf [2012.08.03 19:01:52 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnet.inf [2012.08.03 19:01:52 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.inf [2012.08.03 19:01:52 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.inf [2012.08.03 19:01:52 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.inf [2012.08.03 19:01:52 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\iron.inf [2012.08.03 19:01:47 | 
000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1307010.005\isolate.ini [2012.08.03 19:00:04 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.03 19:00:04 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.07.07 10:42:38 | 000,000,017 | ---- | C] () -- C:\Users\Admin\AppData\Local\resmon.resmoncfg [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.03.26 21:14:22 | 088,037,102 | ---- | C] () -- C:\Users\Admin\Fotobuch_NEU.cpr [2012.02.15 21:26:10 | 000,018,751 | ---- | C] () -- C:\Users\Admin\ESt2011_Bohlender_Oliver_und_Katrin.elfo [2012.01.11 17:10:56 | 000,002,048 | -HS- | C] () -- C:\Users\Admin\AppData\Local\{df2b8479-42c0-3a35-8d9f-5097004778d7}\@ [2011.11.18 21:36:48 | 000,095,929 | ---- | C] () -- C:\Users\Admin\ESt2010_Löwer_Manfred.elfo [2011.11.17 21:25:34 | 000,006,656 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.07 19:36:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.03 21:21:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns [2011.11.03 21:21:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns [2011.09.03 14:55:47 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.08.22 21:54:05 | 000,000,128 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Default.PLS [2011.08.22 21:52:55 | 000,000,917 | ---- | C] () -- C:\Windows\SysWow64\CLWatson.ini [2011.08.22 21:37:10 | 000,001,024 | ---- | C] () -- C:\Users\Admin\.rnd [2011.08.20 23:14:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.08.13 00:25:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.02 10:10:35 | 000,341,504 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll [2011.03.08 02:53:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.02.11 01:03:27 | 001,644,062 
| ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.07.31 22:47:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus [2012.01.18 21:47:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon [2011.09.04 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Auslogics [2012.07.31 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM [2011.12.21 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Broad Intelligence [2011.10.11 21:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2011.11.17 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service GmbH [2012.02.02 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2011.10.11 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DataDesign [2012.04.08 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2012.04.08 21:55:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.16 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular [2012.01.01 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter [2012.07.31 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2012.03.02 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Petroglyph [2012.07.16 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Quest3D [2012.07.31 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Simply Super Software [2012.08.07 22:29:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2011.08.17 21:44:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Stellarium [2012.07.18 12:29:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative 
Assembly [2011.08.14 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2011.08.13 00:56:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2011.08.18 23:08:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2012.08.07 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} [2012.07.31 20:23:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 888 bytes -> C:\Users\Admin\Documents\Liebe Grüße von den drei xxxxers.eml:OECustomProperty @Alternate Data Stream - 769 bytes -> C:\Users\Admin\Documents\Order Process.eml:OECustomProperty @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report >

The above log file is of course WITHOUT Norton activation, sorry.

The second log file:

OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.08.2012 08:45:03 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Admin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,14% Memory free 15,96 Gb Paging File | 13,94 Gb Available in Paging File | 87,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 293,05 Gb Total Space | 211,55 Gb Free Space | 72,19% Space Free | Partition Type: NTFS Drive D: | 824,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 27,54 Gb Total Space | 1,36 Gb Free Space | 4,94% Space Free | Partition Type: NTFS Drive F: | 73,24 Gb Total Space | 33,16 Gb Free Space | 45,28% Space Free | Partition Type: NTFS Drive G: | 14,65 Gb Total Space | 12,01 Gb Free Space | 81,98% Space Free | Partition Type: NTFS Drive L: | 73,24 Gb Total Space | 72,35 Gb Free Space | 98,78% Space Free | Partition Type: NTFS Drive O: | 6,63 Gb Total Space | 1,12 Gb Free Space | 16,82% Space Free | Partition Type: NTFS Drive S: | 90,13 Gb Total Space | 9,55 Gb Free Space | 10,59% Space Free | Partition Type: NTFS Computer Name: ADMIN-VAIO | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{049B5848-584D-404D-A381-FED16EB81033}" = rport=138 | protocol=17 | dir=out | app=system | "{093F91B7-E508-423C-BC44-937E94FB8315}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{131BFBB4-7462-4F54-9358-50621028A528}" = rport=137 | protocol=17 | dir=out | app=system | "{260941D3-B465-462B-943C-C56DF92F1AFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{271A3AAD-3E1D-43F5-A992-EF1959148EA1}" = lport=445 | protocol=6 | dir=in | app=system | "{2839692A-F253-42B6-9DB8-B89B68B3E7B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{3613798B-CF6B-4D91-8415-A217B281E33E}" = rport=10243 | protocol=6 | dir=out | app=system | "{504A32D5-5212-4504-A2DE-767B4AF5A319}" = lport=10243 | protocol=6 | dir=in | app=system | "{5770BB7B-012D-4BDB-8459-579C45B1F128}" = rport=445 | protocol=6 | dir=out | app=system | "{5C1718BA-1CC7-4395-A89B-E907673F23DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D8C616B-FA3B-464D-8515-BC4DEB5DC052}" = lport=rpc-epmap | protocol=6 | dir=in 
| svc=rpcss | name=@firewallapi.dll,-28539 | "{6BF80555-E888-43F1-9273-EDA0FE772B73}" = lport=137 | protocol=17 | dir=in | app=system | "{737E6E2A-C69C-4BEA-8D57-B78068CE1162}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74119E89-9130-4800-9514-0A283215E4E1}" = rport=139 | protocol=6 | dir=out | app=system | "{95F74C28-EF8F-4050-BB11-BBEFD0C66AB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9A9B247D-2217-4B39-85E8-F8DAD44FD808}" = lport=138 | protocol=17 | dir=in | app=system | "{ABEBFE92-5482-4439-85E2-F044341036FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD827080-E12B-408E-AF1A-75595A621162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AFEE0A17-2152-4889-8B8B-8045F047EF09}" = lport=2869 | protocol=6 | dir=in | app=system | "{C64132A4-8E15-4209-AF37-FF5EED3BD8BC}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{CCD8BA56-BACE-449D-86A6-F07CCB4B3F66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D047F470-AED0-4081-8BAC-526EE043146B}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | "{DBC9329B-F123-40B7-8BD0-6B8FB31AF085}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1B9D216-B8F3-4EE0-A494-CB62D270A9BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E22D9B2B-770D-4726-BE55-CF773E76D3D4}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0596A4D6-9ACE-40CD-8E83-86D7BEAB1226}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{0BF267E6-C9BF-4C92-82AE-5D69EC951BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F95A661-1767-4ABF-A7ED-BBA63001B21A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{10867A1D-C026-4D5C-BC0E-72198CC5CE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D351EE2-9E85-4B97-8530-55866A53D148}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F4EF700-259A-4F04-A1C1-34533206BAFD}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{21864860-F87B-46DD-B628-44F25CD00EE7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{24F6525F-1353-41CE-8A1D-30E4D9EF5205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B5EEE3E-5975-4B70-9E32-633E9D088BA7}" = dir=in | app=s:\program files (x86)\makedisc\makedisc.exe | "{2DD2E3F8-2D48-4538-8F18-621185A6A471}" = protocol=6 | dir=in | app=s:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{3026F197-935A-4E37-BF9F-6D214C644F76}" = dir=in | app=s:\program files (x86)\powerdirector\pdr.exe | "{31A526F9-6214-45BF-99BA-2A8F53811E73}" = protocol=17 | dir=in | app=s:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{3C3349F1-618B-437A-9899-D3253C9A3F8A}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{3EB7A7C7-6061-4CBC-B04C-7F7506306FEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40F842B5-8FF8-432E-B409-C1BE33C57D72}" = protocol=6 | dir=in | app=s:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | "{41A7579D-18B5-4965-92F2-543A5B71D6D4}" = protocol=6 | dir=in | app=l:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{41D0A9A5-8296-46AC-86A8-BD7E391DAD01}" = protocol=17 | dir=in | app=s:\program files (x86)\ubisoft\far cry 
2\bin\fc2launcher.exe | "{42841E55-4B2B-40DA-A391-98B425D7999C}" = protocol=6 | dir=out | app=system | "{44F33F81-C9D8-4976-8FA5-57DF5F28ADED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{45E02CFB-DE4A-40CE-B997-A621F9181B66}" = dir=in | app=s:\program files (x86)\tv enhance\tveservice.exe | "{491EC596-B0B4-4F6B-98CB-CA8D0ADBFBF9}" = protocol=6 | dir=in | app=s:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{4BC4F795-43A5-49E0-B1C9-0CC99C61BBC6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{549B7A32-51F9-4D4F-A21D-B22F72555390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{579E5A2F-41DA-42A4-B927-AD1A2C0C4D63}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe | "{5B0964F4-5CEB-4E3E-A99D-CC31D2C83751}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe | "{5E32D253-96DA-4770-B109-A8CB13697FFF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6554EDCC-D61B-4C05-9AF6-D31523E77DC9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{79807C4F-375C-4E0F-83BF-0A8CE6D0F8A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B0F6F36-2445-4CF9-B27F-6D9F0184FEDE}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\ship simulator extremes\steam.exe | "{7DC52E9C-3DCC-4BB4-A1C9-39159E890408}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7F881294-F89F-478B-862E-FF2DE94D01F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{88A0396C-0EA2-41F7-8DA5-FE6AB24ECB37}" = protocol=17 | dir=in | app=s:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{8E59BECC-B936-4B2F-8367-99C7778767CA}" = protocol=17 | dir=in | app=s:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{906F761D-8D4D-4829-A3B0-51CB453725D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9409FF10-12E3-4A08-962A-54522F87EA38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{988DE007-433F-4A75-872D-E2AF9A205C2A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9ABC77A3-EEA8-4597-BFA4-AB21E15B6A97}" = protocol=6 | dir=in | app=l:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{9E76EB9C-1ADC-487E-B9E7-9819FAAAB6E3}" = protocol=17 | dir=in | app=s:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{A1623D87-1641-4308-835C-187925AE8C13}" = protocol=17 | dir=in | app=l:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{A380C194-3108-4860-B1FD-B30F55187500}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A661EB46-9A3A-4EB7-AB13-0E5CFDADE17E}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio transfer support\vaiotransfer.exe | "{AA0F99C4-CD5B-429E-BBF2-D103ED076FD5}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe | "{AFD788E3-C502-4FE6-888E-7437BAABD24C}" = protocol=17 | dir=in | app=s:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{BC34BB7B-97FF-4A43-A84D-A15193F10B00}" = protocol=17 | dir=in | app=l:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{C2F67080-7D2A-47F3-9115-9573867C4855}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\ship simulator extremes\steam.exe | "{C7CAC493-D8CB-4FCB-AD62-E3EE7B0E8010}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C84C0BFB-CDB0-4436-B6B9-54C5D4A56712}" = protocol=17 | dir=in | app=s:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{D4A6A964-031C-432D-B4F7-8C5586C62028}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D5D06795-02C8-43F9-B1CB-89FCAF2675B1}" = protocol=6 | dir=in 
| app=s:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{DD166B91-1927-4B8B-8B74-4330BC14505F}" = protocol=6 | dir=in | app=s:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe | "{E3E45DFF-2EBD-4D61-A38C-8BA6C616D86D}" = dir=in | app=s:\program files (x86)\tv enhance\tvenhance.exe | "{E6A164C4-F6DF-480A-AEDA-70FA027A155C}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{EB6CAF2A-334B-41AA-9627-8D0CFCCDEFA7}" = dir=in | app=s:\program files (x86)\powerdvd\powerdvd.exe | "{F0B3AA25-6E12-4005-AC1E-E40475871A31}" = protocol=6 | dir=in | app=s:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{F107F5C4-2E63-406F-968C-BF089A618324}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | "{F5E56DC2-32A8-4F5A-81C6-53CF9C8900FB}" = protocol=6 | dir=in | app=s:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | "{FDBAB4B5-07EB-4354-96A4-C166D7A45329}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio transfer support\vaiotransfer.exe | "TCP Query User{3ABF0771-1FF8-44F0-B5D8-5A10E46627A6}S:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=s:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe | "TCP Query User{4164ABF6-A276-4B99-A341-541A9707F054}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{55832118-F369-4675-8562-07B1354A427B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{6AA1902C-AE49-42B9-B6DC-870054CE6EC1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query 
Simulator 2011 "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Free FLV Converter_is1" = Free FLV Converter V 7.3.0 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.6.221 "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.9.221 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.18.403 "FS Global 2008 for FSX" = FS Global 2008 for FSX "FS2Crew: FSX PMDG 747 Edition Version 1.1" = FS2Crew: FSX PMDG 747 Edition Version 1.1 "Google Chrome" = Google Chrome "InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "IrfanView" = IrfanView (remove only) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "RealPlayer 15.0" = RealPlayer "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9 "splashtop" = Quick Web Access "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "Star Wars: The Force Unleashed_is1" = 
Star Wars: The Force Unleashed "Steam App 34030" = Napoleon: Total War "Steam App 48800" = Ship Simulator Extremes "Stellarium_is1" = Stellarium 0.10.6.1 "SystemRequirementsLab" = System Requirements Lab "Trusted Software Assistant_is1" = File Type Assistant "TuneUp Utilities 2011" = TuneUp Utilities 2011 "VAIO F Series - Summer 2011 Screensaver" = VAIO F Series - Summer 2011 Screensaver "VAIO Help and Support" = "WinLiveSuite" = Windows Live Essentials "WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional "x730" = 737 Captain (737-100 Exterior Model) 0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "737 Pilot in Command (FSX - Vista)" = 737 Pilot in Command (FSX - Vista) "Caio Alpha" = Caio Alpha "Spandau Xtreme Part 2 - Going East V2 (Final)" = Spandau Xtreme Part 2 - Going East V2 (Final) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.04.2012 13:12:06 | Computer Name = Admin-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Downloads\SoftonicDownloader_fuer_bundesliga-ticker-und-mehr-gadget.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.04.2012 14:17:47 | Computer Name = Admin-VAIO | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 61c Startzeit: 01cd102539801dc2 Endzeit: 16 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: f91ff6c3-7c26-11e1-85d2-90004eb8723e Error - 01.04.2012 14:19:45 | Computer Name = Admin-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Downloads\SoftonicDownloader_fuer_bundesliga-ticker-und-mehr-gadget.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 01.04.2012 14:21:20 | Computer Name = Admin-VAIO | Source = MsiInstaller | ID = 10005 Description = Error - 02.04.2012 12:54:29 | Computer Name = Admin-VAIO | Source = WinMgmt | ID = 10 Description = Error - 02.04.2012 16:34:35 | Computer Name = Admin-VAIO | Source = WinMgmt | ID = 10 Description = Error - 02.04.2012 16:39:51 | Computer Name = Admin-VAIO | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Titanic.exe, Version: 1.0.0.0, Zeitstempel: 0x4be54ea6 Name des fehlerhaften Moduls: Game.dll, Version: 0.0.0.0, Zeitstempel: 0x4beeaa44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003663d ID des fehlerhaften Prozesses: 0x10d0 Startzeit der fehlerhaften Anwendung: 0x01cd11109e190abc Pfad der fehlerhaften Anwendung: G:\Program Files (x86)\Titanic - Der Tauchfahrt-Simulator\Titanic.exe Pfad des fehlerhaften Moduls: G:\Program Files (x86)\Titanic - Der Tauchfahrt-Simulator\Game.dll Berichtskennung: fe277da8-7d03-11e1-979a-90004eb8723e Error - 02.04.2012 16:56:25 | Computer Name = Admin-VAIO | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Titanic.exe, Version: 1.0.0.0, Zeitstempel: 0x4be54ea6 Name des fehlerhaften Moduls: Titanic.exe, Version: 1.0.0.0, Zeitstempel: 0x4be54ea6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002a307 ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung: 0x01cd111162014adb Pfad der fehlerhaften Anwendung: G:\Program Files (x86)\Titanic - Der Tauchfahrt-Simulator\Titanic.exe Pfad des fehlerhaften Moduls: G:\Program Files (x86)\Titanic - Der Tauchfahrt-Simulator\Titanic.exe Berichtskennung: 4eace778-7d06-11e1-979a-90004eb8723e Error - 03.04.2012 13:54:36 | Computer Name = Admin-VAIO | Source = WinMgmt | ID = 10 Description = Error - 04.04.2012 12:01:35 | Computer Name = Admin-VAIO | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 07.08.2012 17:06:28 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 07.08.2012 17:06:40 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error - 07.08.2012 17:08:42 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 07.08.2012 17:08:42 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 07.08.2012 17:08:43 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 08.08.2012 02:22:21 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.08.2012 02:22:32 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error - 08.08.2012 02:24:43 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 08.08.2012 02:24:43 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 08.08.2012 02:24:43 | Computer Name = Admin-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. < End of report > |
08.08.2012, 14:39 | #6 |
/// Helper team | Bundespolizei trojan via Telekom's start page? You are supposed to paste the fix into OTL and run it! ONCE MORE! Follow the instructions!
__________________ |
08.08.2012, 16:23 | #7 |
| Bundespolizei trojan via Telekom's start page? ------------------------- |
08.08.2012, 16:43 | #8 |
/// Helper team | Bundespolizei trojan via Telekom's start page? |
08.08.2012, 17:08 | #9 |
| Bundespolizei trojan via Telekom's start page? Sorry, I was a bit gaga. I switched off Norton, pasted your log into OTL and ran the fix. Here is the result:
All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D32BB32-FAC8-4FAB-9D91-D731E1E360ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D32BB32-FAC8-4FAB-9D91-D731E1E360ED}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1C50681D-D0D1-4AE6-80B3-155EBE051CA0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C50681D-D0D1-4AE6-80B3-155EBE051CA0}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A19FFAC4-9B04-4D82-8B5D-60FCE80BD614}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A19FFAC4-9B04-4D82-8B5D-60FCE80BD614}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E7D7061E-71BE-4A72-BD0D-C9685E35050B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7D7061E-71BE-4A72-BD0D-C9685E35050B}\ not found. HKU\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "MyStart Search" removed from browser.search.defaultenginename Prefs.js: "Searchqu Web Search" removed from browser.search.order.1 Prefs.js: "MyStart Search" removed from browser.search.selectedEngine Prefs.js: "www.t-online.de" removed from browser.startup.homepage Prefs.js: "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8n1RX6lb&&i=26&search=" removed from keyword.URL 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext not found. 
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext not found. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ not found. File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ not found. Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN\content scheduled to be moved on reboot. Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN\components scheduled to be moved on reboot. Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN\chrome\skin scheduled to be moved on reboot. Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN\chrome scheduled to be moved on reboot. Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN scheduled to be moved on reboot. Use Chrome's Settings page to change the HomePage. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ . File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 
Registry value HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ . File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_USERS\S-1-5-21-2315673442-75662965-3545331599-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. 
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. D:\autorun.inf scheduled to be moved on reboot. C:\ProgramData\Temp folder moved successfully. C:\ProgramData\kgnmfdbppprcnfq folder moved successfully. ADS C:\Users\Admin\Documents\Liebe Grüße von den drei Bohlenders.eml:OECustomProperty deleted successfully. 
ADS C:\Users\Admin\Documents\Order Process.eml:OECustomProperty deleted successfully. Unable to delete ADS C:\ProgramData\Temp:CB0AACC9 . C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5gg5j44k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully. 
|
08.08.2012, 19:07 | #10 |
/// Helper Team | Bundespolizei trojan via the Telekom start page? Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
08.08.2012, 20:41 | #11 |
| Bundespolizei trojan via the Telekom start page? So, here is the malware report:
Malwarebytes Anti-Malware (Test) 1.62.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.08.08.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Admin :: ADMIN-VAIO [Administrator] Schutz: Deaktiviert 08.08.2012 20:42:15 mbam-log-2012-08-08 (20-42-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|L:\|O:\|Q:\|S:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 649298 Laufzeit: 53 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
and here is the AdwCleaner report:
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 21:39:50 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Admin - ADMIN-VAIO # Running from : C:\Users\Admin\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Admin\AppData\LocalLow\PriceGong Folder Found : C:\Users\Admin\AppData\LocalLow\Searchqutoolbar Folder Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\Searchqutoolbar Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\InstallMate Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de File Found : 
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\MyStart Search.xml File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\SearchResults.xml File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Key Found : HKLM\SOFTWARE\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong [x64] Key Found : HKCU\Software\IM [x64] Key Found : HKCU\Software\ImInstaller [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL [x64] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\prefs.js Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...] Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10606"); Found : user_pref("extensions.incredibar_i.excTlbr", false); Found : user_pref("extensions.incredibar_i.id", "e60fa24300000000000090004eb8723d"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15415"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", "27%5F3"); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8n1RX6lb&loc=IB[...] 
Found : user_pref("extensions.incredibar_i.upn2", "6R8n1RX6lb"); Found : user_pref("extensions.incredibar_i.upn2n", "92824025909213265"); Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:17:39"); Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); -\\ Google Chrome v21.0.1180.60 File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "homepage": "hxxp://www.searchqu.com/413", Found : "urls_to_restore_on_startup": [ "hxxp://www.searchqu.com/413" ] Found : "homepage": "hxxp://www.searchqu.com/413", Found : "urls_to_restore_on_startup": [ "hxxp://www.searchqu.com/413" ] ************************* AdwCleaner[R1].txt - [5312 octets] - [08/08/2012 21:39:50] ########## EOF - C:\AdwCleaner[R1].txt - [5440 octets] ##########
I hope the system is clean. |
08.08.2012, 20:43 | #12 |
/// Helper Team | Bundespolizei trojan via the Telekom start page? Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via Jetzt Updaten (Update Now). Select the freeware mode. Select Detail Scan and start checking the computer with the Scan button. Do not let it delete anything at the end of the scan! Click Bericht speichern (Save Report) to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
08.08.2012, 21:14 | #13 |
| Bundespolizei trojan via the Telekom start page? This is the malware log:
and that is the AdwCleaner one:
Sorry, the values are coming shortly! Here is the AdwCleaner evaluation in the meantime. Anti-Malware is still grinding away:
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 22:19:53 # Updated 01/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Admin - ADMIN-VAIO # Running from : C:\Users\Admin\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Admin\AppData\LocalLow\Searchqutoolbar Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\Searchqutoolbar Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\MyStart Search.xml File Deleted : 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\searchplugins\SearchResults.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Key Deleted : HKLM\SOFTWARE\Freeze.com Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\prefs.js C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5gg5j44k.default\user.js ... Deleted ! Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('mystart.incredibar.com,premiumr[...] 
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Deleted : user_pref("extensions.incredibar_i.did", "10606"); Deleted : user_pref("extensions.incredibar_i.excTlbr", false); Deleted : user_pref("extensions.incredibar_i.id", "e60fa24300000000000090004eb8723d"); Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Deleted : user_pref("extensions.incredibar_i.instlDay", "15415"); Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Deleted : user_pref("extensions.incredibar_i.newTab", false); Deleted : user_pref("extensions.incredibar_i.ppd", "27%5F3"); Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar_i.productid", "26"); Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8n1RX6lb&loc=IB[...] 
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8n1RX6lb"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92824025909213265"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:17:39"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); -\\ Google Chrome v21.0.1180.60 File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "homepage": "hxxp://www.searchqu.com/413", Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchqu.com/413" ] Deleted : "homepage": "hxxp://www.searchqu.com/413", Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchqu.com/413" ] ************************* AdwCleaner[R1].txt - [5425 octets] - [08/08/2012 21:39:50] AdwCleaner[S1].txt - [5040 octets] - [08/08/2012 22:19:53] ########## EOF - C:\AdwCleaner[S1].txt - [5168 octets] ##########
This is the Anti-Malware report:
Emsisoft Anti-Malware - Version 6.6 Letztes Update: 08.08.2012 22:25:39 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\, F:\, G:\, L:\, O:\, Q:\, S:\ Archiv Scan: An ADS Scan: An Scan Beginn: 08.08.2012 22:25:51 c:\program files (x86)\gamespy arcade gefunden: Trace.File.gamespy arcade!E1 c:\program files (x86)\gamespy arcade\install.log gefunden: Trace.File.gamespy arcade!E1 S:\Program Files (x86)\LucasArts\Star Wars Empire at War\LaunchEAW.exe gefunden: Riskware.Crack.StarWarsEAW!E2 Gescannt 835968 Gefunden 3 Scan Ende: 08.08.2012 23:26:15 Scan Zeit: 1:00:24 S:\Program Files (x86)\LucasArts\Star Wars Empire at War\LaunchEAW.exe Quarantäne Riskware.Crack.StarWarsEAW!E2 c:\program files (x86)\gamespy arcade Quarantäne Trace.File.gamespy arcade!E1 c:\program files (x86)\gamespy arcade\install.log Quarantäne Trace.File.gamespy arcade!E1 Quarantäne 3 |
09.08.2012, 08:37 | #14 |
/// Helper Team | Bundespolizei trojan via the Telekom start page? Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation
|
09.08.2012, 18:49 | #15 |
| Bundespolizei trojan via the Telekom start page? ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c5e1de035a01d148bffe47837aa1b225 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-09 05:27:25 # local_time=2012-08-09 07:27:25 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 338471 338471 0 0 # compatibility_mode=3588 16777214 85 67 513374 13237555 0 0 # compatibility_mode=5893 16776573 100 94 166442 96156889 0 0 # compatibility_mode=8192 67108863 100 0 168 168 0 0 # scanned=425151 # found=0 # cleaned=0 # scan_time=6236 |