![]() |
Plagegeister aller Art und deren Bekämpfung: BUNDESTROJANER eingefangen! Was nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
| ![]() BUNDESTROJANER eingefangen! Was nun? Hallo, ich hab mich grad so sehr erschrocken ![]() Befinde mich jetzt im "abgesichterten Modus". Wo kann ich OTL runterladen? und welche Schritte muss ich weiter gehen? Bitte um Hilfe. Habe wichtige Daten auf meinem Laptop. Betriebssystem: Vista Lg Queeny SCAN von OTL Ergebnis OTL.txt Code:
ATTFilter OTL logfile created on: 07.08.2012 02:23:26 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Jodi Jean\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,76% Memory free 6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,71 Gb Total Space | 155,00 Gb Free Space | 53,87% Space Free | Partition Type: NTFS Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.07 01:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012.08.06 13:40:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 21:21:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.06 17:29:06 | 000,392,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2012.03.06 17:29:06 | 000,093,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2012.03.06 17:29:06 | 000,076,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2012.03.06 17:29:04 | 000,122,008 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2012.03.06 17:29:04 | 000,072,856 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.04.02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.07.21 19:16:00 | 009,558,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.01.07 22:17:28 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.10.23 02:02:26 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.10.23 02:02:05 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{FEF36E3B-F768-4A7E-A590-DF7B1E9380CA}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9AAA0826-24E7-4DCA-BFCB-F57B8961C97E} IE - HKCU\..\SearchScopes\{9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version= C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version= C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 02:01:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.08 16:34:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.28 13:48:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.29 03:06:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions [2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.08.06 13:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions [2012.05.18 21:35:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions\ich@maltegoetz.de [2011.12.21 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 21:21:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.28 15:19:39 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O1 - Hosts: activate.adobe.com O1 - Hosts: practivate.adobe.com O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD30EF4-3D03-4B91-B3D1-BFEDBAE01B50}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400A0307-6EF0-4B69-96D8-4BE8BD574F68}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E27893-A70E-43A1-B92D-33895DB60DE1}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0F77C7-90D8-4930-A204-89945BF863BC}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C57B21-055C-4100-B24B-AB84EE0BFB4B}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat) - C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat () O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Jodi Jean\Pictures\Wallpaper\angelina_jolie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jodi Jean\Pictures\Wallpaper\angelina_jolie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell - "" = AutoRun O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell - "" = AutoRun O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig - StartUpReg: AutoKMS - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation) MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 01:49:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe [2012.08.06 13:37:15 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS [2012.08.01 23:17:34 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\Ca_sandro [2012.07.31 10:50:28 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\sandro 2 [2012.07.28 00:12:57 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\CASANDRO Web [2012.07.28 00:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\DANNY [2012.07.28 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\BLOG EDIT [2012.07.21 19:53:06 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\Desktop\Sandro_Photo [2012.07.20 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\ESET [2012.07.12 21:21:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{6379D574-0B30-4640-8F71-AE8446A624B8} [2012.07.12 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{DBC834F1-EF45-4D31-953A-70061A2DC1C7} ========== Files - Modified Within 30 Days ========== [2012.08.07 01:49:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe [2012.08.07 01:40:16 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.07 01:40:15 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.07 01:40:15 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.07 01:40:15 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.07 01:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 01:32:25 | 000,000,045 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.ini [2012.08.07 01:32:19 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.07 01:32:18 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.07 00:40:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 00:40:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 00:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.06 20:58:02 | 000,001,680 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs [2012.08.06 15:07:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.08.06 13:35:54 | 000,000,768 | ---- | M] () -- C:\Users\Jodi Jean\Documents\Settings.ini [2012.08.02 13:52:59 | 000,176,608 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\Bewerbungsfoto_Rufina_Neumann.jpg [2012.08.02 02:20:24 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini [2012.08.02 02:20:04 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2012.08.01 21:25:19 | 000,034,304 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.31 12:28:59 | 056,666,006 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\cas_map.psd [2012.07.31 01:09:01 | 000,311,430 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer_800x402.jpg [2012.07.31 00:58:40 | 000,446,546 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer.jpg [2012.07.31 00:58:27 | 005,930,562 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\moddyclub_flyer.psd [2012.07.24 13:58:58 | 001,053,136 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\pia.jpg [2012.07.21 20:47:21 | 000,000,132 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.07.12 16:00:31 | 000,202,872 | ---- | M] () -- C:\Users\Jodi Jean\Desktop\skizze.jpg [2012.07.11 16:14:00 | 003,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.07 01:20:33 | 000,000,045 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.ini [2012.08.06 13:35:54 | 000,000,768 | ---- | C] () -- C:\Users\Jodi Jean\Documents\Settings.ini [2012.08.06 13:35:27 | 026,835,456 | ---- | C] () -- C:\Users\Jodi Jean\Documents\Microsoft Toolkit.exe [2012.08.02 13:52:57 | 000,176,608 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\Bewerbungsfoto_Rufina_Neumann.jpg [2012.08.02 02:20:04 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012.07.31 12:28:58 | 056,666,006 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\cas_map.psd [2012.07.31 01:09:00 | 000,311,430 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer_800x402.jpg [2012.07.30 22:30:39 | 000,446,546 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moodyclub_flyer.jpg [2012.07.30 22:13:11 | 005,930,562 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\moddyclub_flyer.psd [2012.07.24 11:53:30 | 001,053,136 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\pia.jpg [2012.07.12 16:00:29 | 000,202,872 | ---- | C] () -- C:\Users\Jodi Jean\Desktop\skizze.jpg [2012.06.22 19:22:37 | 000,010,567 | R--- | C] () -- C:\Windows\hpwscr19.dat [2012.06.22 19:17:08 | 000,203,129 | ---- | C] () -- C:\Windows\hpwins19.dat [2012.06.08 00:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe IllExport Filter CS5 Prefs [2012.01.23 22:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.19 19:51:33 | 000,126,976 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat [2012.01.15 10:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.27 22:49:10 | 000,001,680 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs [2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.12.02 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.01 00:31:58 | 000,034,304 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 21:10:51 | 000,001,356 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat [2011.11.19 20:12:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.11.19 20:12:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.11.16 01:36:02 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini [2011.11.14 23:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Bytemobile [2012.03.26 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.29 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2012.08.01 03:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\FileZilla [2012.08.07 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\ICQ [2012.02.05 03:22:12 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Image-Line [2011.12.02 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.11.15 23:02:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Thunderbird [2012.01.28 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\TomTom [2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone [2011.11.15 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone Mobile Connect [2012.06.29 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Wacom [2012.06.29 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.08.06 15:07:26 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.20 19:45:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.19 20:51:10 | 000,000,000 | -HSD | M] -- C:\Boot [2012.08.06 18:45:00 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2011.11.14 23:15:24 | 000,000,000 | ---D | M] -- C:\Documentation [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.11.15 00:24:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.20 14:40:41 | 000,000,000 | ---D | M] -- C:\Intel [2012.01.28 13:50:40 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.11.20 22:22:18 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.06.29 20:27:13 | 000,000,000 | R--D | M] -- C:\Program Files [2012.06.29 20:27:54 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.15 00:24:56 | 000,000,000 | -HSD | M] -- C:\Programme [2012.08.07 01:21:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.04.21 14:36:13 | 000,000,000 | ---D | M] -- C:\Temp [2012.04.06 18:38:47 | 000,000,000 | ---D | M] -- C:\Update [2012.03.20 19:44:48 | 000,000,000 | R--D | M] -- C:\Users [2012.08.07 01:33:31 | 000,000,000 | ---D | M] -- C:\Windows [2011.11.14 23:15:24 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys [2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.06.29 20:27:55 | 000,000,002 | ---- | M] () -- C:\Users\Jodi Jean\.bdockinstall.log [2012.08.07 02:15:23 | 003,670,016 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT [2012.08.07 02:15:23 | 000,262,144 | -H-- | M] () -- C:\Users\Jodi Jean\ntuser.dat.LOG1 [2011.11.15 00:28:22 | 000,000,000 | -H-- | M] () -- C:\Users\Jodi Jean\ntuser.dat.LOG2 [2012.08.06 15:07:24 | 000,065,536 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.08.06 15:07:24 | 000,524,288 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.11.15 02:55:11 | 000,524,288 | -HS- | M] () -- C:\Users\Jodi Jean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.11.15 00:28:23 | 000,000,020 | -HS- | M] () -- C:\Users\Jodi Jean\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.08.2012 02:23:26 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Jodi Jean\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,76% Memory free 6,19 Gb Paging File | 5,87 Gb Available in Paging File | 94,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,71 Gb Total Space | 155,00 Gb Free Space | 53,87% Space Free | Partition Type: NTFS Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C4ED415-0F85-4D4C-8A7F-BCBF9B07A3EE}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | "{3738C42C-E768-4E6C-9C74-5C0C5232B784}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{53AE771F-D49F-4D86-BA68-751FE2299FF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8D5D6C98-5E5B-4ED2-8D6A-ECA7FCD16D39}" = lport=2869 | protocol=6 | dir=in | app=system | "{96FAA392-C7C3-4DDD-BDA8-0A6B064DFD4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\outlook.exe | "{9FC3F338-C436-4523-B835-5F7203D9C080}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{AA9541B7-FDAA-4565-A254-ECB279E90361}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0044E32E-01FF-4DE3-9BF3-BFEAF18B7362}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\office14\groove.exe | "{0CC6F66B-B409-4BDF-BCA4-EECC7CA39AF8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{0F05F975-08BC-4884-9D08-A6DA7EC94D1C}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{13F2F5C3-866A-4E50-AE25-200F0DB73207}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1802B28A-C564-4C7D-9422-BFF4AB63378E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{2A4C1F53-EA0F-4B39-9498-DA154F010034}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{3CDB3D3C-B736-4430-9AD6-1E4DA2243639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\office14\onenote.exe | "{517A0A8E-7C9D-4938-9A87-E44C0231D9B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{56855CF9-A2D0-4A42-B355-AC15933BDD96}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{5E175649-65CA-4380-87BB-F9E21BE493F7}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{6D490C3C-C131-4562-894D-AB7F537E1CAC}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | "{8F896B79-33F0-4B7C-8289-ADED3906D175}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{902CA7B4-2EF0-43E7-8BAE-C200753B3E1E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{92B62CEA-C758-4853-B2D3-1C2F4C04A179}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | "{9975574C-3070-40C6-A2CF-296C3C679F10}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9AB078B7-D63A-4DB8-B0BE-227BD2225F75}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\groove.exe | "{9CF176B2-C783-47A1-A444-451BF3EEA6CF}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9DBC9A07-1B5E-45A6-A03A-5D4F58CE7B18}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{AA3FF900-9842-404B-8FCE-A05C8F09336B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\office14\onenote.exe | "{B8A39A48-71CF-42F1-948E-D025F1AB5C4C}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{BEF3BF53-E059-4D5B-BE03-BBD3306C8CCD}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | "{C5E665E9-C773-4B59-A72F-64225C092B05}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | "{DB7CFEA5-068B-4963-AD28-144947B107E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{DEFE2353-987F-4B40-AF46-0805230A582A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E23174F8-0222-4F3D-81BF-20369353656E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{F36641DE-A581-483F-925D-19DF0DD839D3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{F71CC117-0932-4C58-9DFA-49CABEF474DA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{FE5455D5-66EC-4C3F-91F0-2C357B4A010A}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "TCP Query User{042F74C2-0747-46C9-A08E-69E57311796E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{14562E9F-77F1-4AA0-8161-99E5E12A3DC6}C:\program files\world of warcraft\temp\wow-" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "TCP Query User{154BF3C6-2FD2-4403-96ED-380D75FEF058}C:\program files\world of warcraft\temp\wow-" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "TCP Query User{1A9B471F-8481-48EE-9ABB-2217E4227D45}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{1D01D2FC-24E5-4F3E-95E1-EB7DF0647352}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{3CA52080-A746-453A-81E4-BBBBEFA7ABEC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{74DEBD6F-425F-44D7-B34E-3748FA79A747}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{7E2C4FB3-979A-46B3-999A-71303FCCEE21}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query User{B3170B2C-9482-43FE-84D5-3CD612D848F8}C:\program files\world of warcraft\temp\wow-" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "TCP Query User{D9675B63-12B3-4BEF-8B1D-1949C2F10518}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query User{E60490A2-FB83-4EE0-A347-35C8165466E9}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{E85B8223-A716-447C-A2A1-D411977E50D1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{10D51B2C-B929-4474-AC9D-8C224B8F2403}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{269CD265-452C-4F11-8EC9-076297A9058A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{3291EC49-47E3-46E0-8BC5-D2E6E0AF638D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{589A56C3-E66D-41F2-B89A-E48942CEB500}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{6BF2C26E-0FB5-4E98-BEC3-46AD3C8001B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{791FC1A5-F3D7-48EF-AF9E-A09AD102F493}C:\program files\world of warcraft\temp\wow-" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "UDP Query User{A31B674C-D5D0-4880-8C40-C1B9FBF56779}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "UDP Query User{A7BE9C6F-4760-4D21-A2D8-E56CFD1CCB47}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{B9000F84-07F3-4D42-B93A-116319D00413}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | "UDP Query User{BF0A41E5-D31C-4556-A081-803DB851515B}C:\program files\world of warcraft\temp\wow-" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "UDP Query User{BF2D3D0F-CB6C-4A57-8669-087EC86E4CDD}C:\program files\world of warcraft\temp\wow-" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow- | "UDP Query User{C8C76EEA-3C6D-4CC7-9DA1-D30BBE324C71}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 "{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU "{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial "{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "{AEF8B78C-4F3E-41F1-9C2D-88150D4BB3AD}" = Sony Home Network Library "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "{FF872023-6648-42AF-9A07-1E6F55FE7291}" = ESET NOD32 Antivirus "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "Bamboo Dock" = Bamboo Dock "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.dmp.contentviewer" = Adobe Content Viewer "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dt icon module" = "EOS Utility" = Canon Utilities EOS Utility "FileZilla Client" = FileZilla Client 3.5.3 "FL Studio 10" = FL Studio 10 "HP Document Manager" = HP Document Manager 1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "IL Download Manager" = IL Download Manager "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00 "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Pen Tablet Driver" = Bamboo "Picture Style Editor" = Canon Utilities Picture Style Editor "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TomTom HOME" = TomTom HOME "VAIO Help and Support" = "VLC media player" = VLC media player 2.0.1 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.07.2012 14:17:06 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.07.2012 14:17:07 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.07.2012 14:17:07 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.07.2012 14:17:58 | Computer Name = Bebi-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 27.07.2012 14:18:14 | Computer Name = Bebi-PC | Source = MsiInstaller | ID = 10005 Description = Error - 28.07.2012 07:22:10 | Computer Name = Bebi-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 28.07.2012 07:22:11 | Computer Name = Bebi-PC | Source = WinMgmt | ID = 10 Description = Error - 28.07.2012 07:23:41 | Computer Name = Bebi-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 28.07.2012 07:25:19 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.07.2012 07:25:19 | Computer Name = Bebi-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 21.11.2011 17:41:21 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001E101F82A7 wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 21.11.2011 18:47:38 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001E101F82A7 wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 21.11.2011 18:47:38 | Computer Name = Bebi-PC | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse mit dem Computer mit der Netzwerkhardwareadresse 02-50-F3-00-00-00 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 24.11.2011 16:49:11 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001E101FB4DF wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 28.11.2011 08:05:16 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001E101F2B52 wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = DCOM | ID = 10005 Description = Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = Service Control Manager | ID = 7009 Description = Error - 28.11.2011 08:23:51 | Computer Name = Bebi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.11.2011 09:39:50 | Computer Name = Bebi-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease für die Netzwerkkarte mit der Netzwerkadresse 001E101F2B52 wurde durch den DHCP-Server abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 30.11.2011 09:39:16 | Computer Name = Bebi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report > Ob es nun weg ist? :-/ |
![]() | #2 |
/// Helfer-Team ![]() ![]() | ![]() BUNDESTROJANER eingefangen! Was nun? moin moin,
__________________das mußt Du selbst entscheiden. Unabhängig vom GVU-Trojaner kann man sich mit Keygens und Patches auch die Krätze an den Hals, sprich Schadsoftware auf den Rechner holen. Denk mal drüber nach. Volker
__________________ |
![]() | #3 | |
| ![]() BUNDESTROJANER eingefangen! Was nun?Zitat:
Wie bekomme ich jetzt den Trojaner weg? |
![]() | #4 | ||
/// Helfer-Team ![]() ![]() | ![]() BUNDESTROJANER eingefangen! Was nun? Dass Du illegale Software downloadest will ich garnicht sagen. Mir ist nur folgendes aufgefallen: Zitat:
__________________ Das Board unterstützen Datenrettung -->HIER! Zitat der Woche: Die Gefahr, dass der Computer so wird wie der Mensch, ist nicht so groß wie die Gefahr, dass der Mensch so wird wie der Computer. |
![]() | #5 | |
| ![]() BUNDESTROJANER eingefangen! Was nun?Zitat:
im grunde verstehe ich was du meinst. Davon hab ich ehrlich gesagt nichts gewusst, da mein Ex mir die Programme für PS und Microsoft Office 2010 Professionell Plus drauf machte. Was er weiter angestellt hatte, wusste ich nicht, erst jetzt wo du es mir zeigst. Ich hatte ja heute mit ihm telefoniert, aber am Telefon sagte er nichts von. Was soll ich jetzt machen? Ich hab auf dem Laptop sehr wichtige Design-Daten und Photographie drauf, möchte das alles nicht verlieren. ![]() ![]() Queeny |
![]() | #6 |
/// Helfer-Team ![]() ![]() | ![]() BUNDESTROJANER eingefangen! Was nun? Nun, nachdem Du eine Systemwiederherstellung mit einer Kopie gemacht hast, die vor der Infektion lag und ESET auch nichts mehr findet (ich hoffe ESET ist aktuell), kannst Du nochmal einen Scan mit Malwarebytes machen. Außerdem sichere vorsichtshalber alle Deine Daten. Volker
__________________ --> BUNDESTROJANER eingefangen! Was nun? |
![]() | #7 | |
| ![]() BUNDESTROJANER eingefangen! Was nun?Zitat:
Ok, dann sichere ich die Daten erstmal, aber im agesicherten Modus? Dann lass ich den anderen scan drüber laufen. Ich melde mich, soweit ich des habe. Muss ich vom Scan dann was posten? Liebe Grüße und danke für die Hilfe Queeny Edit: achso.. die originelle Systemwiederherstellungs-Disk hab ich. Ja, die wurde ganz am Anfang beim einrichten des Laptops gemacht. Edit 2: Wichtige Daten im abgesichteren Modus auf externe Festplatte gesichert. Malwarebytes durchlaufen lassen. Ergebnis Code:
ATTFilter Malwarebytes Anti-Malware (Test) www.malwarebytes.org Datenbank Version: v2012.08.07.09 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Jodi Jean :: BEBI-PC [Administrator] Schutz: Deaktiviert 08.08.2012 01:11:49 mbam-log-2012-08-08 (01-11-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 472250 Laufzeit: 1 Stunde(n), 8 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jodi Jean\AppData\Roaming\msconfig.dat (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
![]() | #8 |
/// Helfer-Team ![]() ![]() | ![]() BUNDESTROJANER eingefangen! Was nun? moin moin, das sieht doch garnicht schlecht aus. Deine Daten hast Du gesichert. Starte den Rechner mal normal, mal sehen ob er noch Auffälligkeiten zeigt. Mache nochmal einen Scan mit OTL und poste das Logfile. Volker
__________________ Das Board unterstützen Datenrettung -->HIER! Zitat der Woche: Die Gefahr, dass der Computer so wird wie der Mensch, ist nicht so groß wie die Gefahr, dass der Mensch so wird wie der Computer. |
![]() | #9 | |
| ![]() BUNDESTROJANER eingefangen! Was nun?Zitat:
Hallo Volker, hier das Logfile von OTL (ich hoffe, dass ich es richtig gemacht habe?): Code:
ATTFilter OTL logfile created on: 08.08.2012 17:25:38 - Run 3 OTL by OldTimer - Version Folder = C:\Users\Jodi Jean\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,26% Memory free 6,20 Gb Paging File | 4,85 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,71 Gb Total Space | 175,11 Gb Free Space | 60,86% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 442,95 Gb Free Space | 95,10% Space Free | Partition Type: NTFS Computer Name: BEBI-PC | User Name: Jodi Jean | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.08 16:53:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.01.17 11:36:08 | 001,015,912 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update 5\VAIOUpdt.exe PRC - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Update Common\VUAgent.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe PRC - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2011.09.22 13:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe PRC - [2011.09.08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe PRC - [2011.09.08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe PRC - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe PRC - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgr.exe PRC - [2009.01.19 13:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Event Service\VESMgrSub.exe PRC - [2008.12.22 00:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\LANUtil.exe PRC - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Programme\sony\Network Utility\NSUService.exe PRC - [2008.12.19 14:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMgr.exe PRC - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Programme\sony\VAIO Power Management\SPMService.exe PRC - [2008.12.18 11:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Programme\sony\ISB Utility\ISBMgr.exe PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.18 12:26:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.15 23:27:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 23:27:20 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.12 16:57:44 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll MOD - [2012.05.12 16:57:43 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll MOD - [2012.05.12 16:57:40 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll MOD - [2012.05.12 16:57:36 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll MOD - [2012.05.12 16:57:35 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7d5061292d80e6d0856b4d6fd4e88b64\System.ServiceModel.ni.dll MOD - [2012.05.12 16:13:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.12 16:11:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.12 16:09:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.12 16:09:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.27 05:45:40 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe MOD - [2011.09.08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\\System.ServiceModel.resources.dll MOD - [2009.04.02 12:13:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\\SPMDam.dll MOD - [2009.04.02 12:13:44 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\\SPMCommon.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.07 04:40:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 21:21:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.06 17:29:06 | 000,392,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2012.03.06 17:29:06 | 000,093,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2012.03.06 17:29:06 | 000,076,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2012.03.06 17:29:04 | 000,122,008 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2012.03.06 17:29:04 | 000,072,856 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2012.01.13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2011.09.08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.07.21 15:49:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.05.21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.05.21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.04.02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2009.03.05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.01.24 10:31:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.01.19 13:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.12.21 22:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.12.19 14:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.09.08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2011.08.09 15:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2011.08.04 10:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2011.08.04 10:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.07.21 19:16:00 | 009,558,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.01.07 22:17:28 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.11.24 23:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.11.19 02:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.10.23 02:02:26 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.10.23 02:02:05 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2004.04.01 17:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{FEF36E3B-F768-4A7E-A590-DF7B1E9380CA}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9AAA0826-24E7-4DCA-BFCB-F57B8961C97E} IE - HKCU\..\SearchScopes\{9AAA0826-24E7-4DCA-BFCB-F57B8961C97E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version= C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version= C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.14 02:01:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.08 16:34:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.28 13:48:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.12.29 03:06:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 21:21:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions [2012.01.28 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.08.06 13:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions [2012.05.18 21:35:55 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Jodi Jean\AppData\Roaming\mozilla\Firefox\Profiles\rdhpyawi.default\extensions\ich@maltegoetz.de [2011.12.21 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 21:21:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.28 15:19:39 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O1 - Hosts: activate.adobe.com O1 - Hosts: practivate.adobe.com O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - Reg Error: Value error. File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DD30EF4-3D03-4B91-B3D1-BFEDBAE01B50}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400A0307-6EF0-4B69-96D8-4BE8BD574F68}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E27893-A70E-43A1-B92D-33895DB60DE1}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0F77C7-90D8-4930-A204-89945BF863BC}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C57B21-055C-4100-B24B-AB84EE0BFB4B}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.09.15 13:12:14 | 000,000,080 | -H-- | M] () - G:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{08f22909-299f-11e1-b1b5-001e101f79c9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell - "" = AutoRun O33 - MountPoints2\{63b86b71-0f06-11e1-a51a-001dba76ce7b}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell - "" = AutoRun O33 - MountPoints2\{63b86b81-0f06-11e1-a51a-001e101f2500}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.08 16:53:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe [2012.08.08 01:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Roaming\Malwarebytes [2012.08.08 01:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.08 01:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.08 01:08:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.08 01:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.06 13:37:15 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS [2012.07.20 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\ESET [2012.07.12 21:21:01 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{6379D574-0B30-4640-8F71-AE8446A624B8} [2012.07.12 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Jodi Jean\AppData\Local\{DBC834F1-EF45-4D31-953A-70061A2DC1C7} ========== Files - Modified Within 30 Days ========== [2012.08.08 16:54:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.08 16:54:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.08 16:54:28 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.08 16:54:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.08 16:53:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jodi Jean\Desktop\OTL.exe [2012.08.08 16:49:30 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.08 16:49:30 | 000,246,032 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.08 16:46:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.08 16:46:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.08 16:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.08 16:46:42 | 3218,055,168 | -HS- | M] () -- C:\hiberfil.sys [2012.08.08 02:55:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.08.08 02:40:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.08 01:08:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 00:46:44 | 000,001,356 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat [2012.08.06 20:58:02 | 000,001,680 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs [2012.08.02 02:20:24 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini [2012.08.01 21:25:19 | 000,034,304 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.21 20:47:21 | 000,000,132 | ---- | M] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.07.11 16:14:00 | 003,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.08 02:36:57 | 3218,055,168 | -HS- | C] () -- C:\hiberfil.sys [2012.08.08 01:08:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 19:22:37 | 000,010,567 | R--- | C] () -- C:\Windows\hpwscr19.dat [2012.06.22 19:17:08 | 000,203,129 | ---- | C] () -- C:\Windows\hpwins19.dat [2012.06.08 00:58:25 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe IllExport Filter CS5 Prefs [2012.01.23 22:36:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.01.15 10:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.12.27 22:49:10 | 000,001,680 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\Adobe Save for Web 12.0 Prefs [2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.12.12 22:43:58 | 000,246,032 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.12.02 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.01 00:31:58 | 000,034,304 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 21:10:51 | 000,001,356 | ---- | C] () -- C:\Users\Jodi Jean\AppData\Local\d3d9caps.dat [2011.11.19 20:12:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.11.19 20:12:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.11.16 01:36:02 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini [2011.11.14 23:08:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Bytemobile [2012.03.26 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.29 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2012.08.01 03:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\FileZilla [2012.08.07 00:34:37 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\ICQ [2012.02.05 03:22:12 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Image-Line [2011.12.02 18:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.11.15 23:02:40 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Thunderbird [2012.01.28 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\TomTom [2011.11.15 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone [2011.11.15 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Vodafone Mobile Connect [2012.06.29 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\Wacom [2012.06.29 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Jodi Jean\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.08.08 02:55:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D3A96964 < End of report > |
![]() | #10 |
| ![]() BUNDESTROJANER eingefangen! Was nun? Hallo Volker, bearbeitest du meinen Beitrag nicht mehr weiter oder wie soll ich das nun verstehen? Der Trojaner ist noch nicht weg :-/ wenn ich Email versende, dann bekommen die Leute es als "SPAM" zugeordnet, obwohl es davor so nicht war. Was nun?? Lg Queeny |
![]() |
Themen zu BUNDESTROJANER eingefangen! Was nun? |
32 bit, abgesichterten, autokms, bundes, bundestrojaner, bundestrojaner eingefangen, canon, daten, document, eingefangen, eset nod32, gefangen, gen, gesperrt, install.exe, ip-adresse, jdownloader, laptop, laptop gesperrt, modus, msiinstaller, nvidia update, nvstor.sys, officejet, plug-in, required, runterladen, schritte, tablet, visual studio, vodafone, wichtige, wichtige daten |