| |
| |||||||
Log-Analyse und Auswertung: Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.11.2012, 21:34
| #1 |
| |  Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! Hallo allerseits, ich bin neu hier. Habe ein, wie ich hier festgestellt habe, momentan geläufiges Problem. Ich bekomme ständig (vor ein paar Tagen waren es 279!!!!!!!) Mail delivery failed Emails in meinem Unbekannt-(nicht Spam-!) Ordner bei web.de. Bevor ich Euch den Inhalt eine dieser Mails poste erst einmal meine OTL- Editor Inhalte: OTL Extras logfile created on: 03.11.2012 21:03:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lostinmusic\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,75% Memory free 7,71 Gb Paging File | 5,99 Gb Available in Paging File | 77,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 64,43 Gb Total Space | 19,03 Gb Free Space | 29,53% Space Free | Partition Type: NTFS Drive I: | 390,20 Gb Total Space | 380,28 Gb Free Space | 97,46% Space Free | Partition Type: NTFS Computer Name: SONY | User Name: lostinmusic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [BUDNI Fotowelt] -- "C:\Program Files (x86)\BUDNI Fotowelt\BUDNI Fotowelt\BUDNI Fotowelt.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BUDNI Fotowelt\BUDNI Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [foobar2000.enqueue] -- "C:\Foobar\foobar2000.exe" /add "%1" () Directory [foobar2000.play] -- "C:\Foobar\foobar2000.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [BUDNI Fotowelt] -- "C:\Program Files (x86)\BUDNI Fotowelt\BUDNI Fotowelt\BUDNI Fotowelt.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BUDNI Fotowelt\BUDNI Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [foobar2000.enqueue] -- "C:\Foobar\foobar2000.exe" /add "%1" () Directory [foobar2000.play] -- "C:\Foobar\foobar2000.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AF6AF2C-A77F-4BA9-A4CE-D9DFBA985137}" = lport=139 | protocol=6 | dir=in | app=system | "{0D063275-EAF5-403B-AC57-041DA75B3805}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{10B2A5E7-C1CF-4AF3-A9E1-5E4A2FDAA472}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{221BD85C-E18C-4EEB-8968-DDB8FA42F947}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2B5AD791-2FB1-4067-9F9E-6D9EE8BC3FB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2D2E1651-29AA-4082-8497-ADC4BA29B01D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{33B7AF5B-1080-4843-BCC4-9A4CD033B37F}" = rport=138 | protocol=17 | dir=out | app=system | "{3CDD5C37-4728-46B6-B241-4C65D88AA2F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3D04DC17-5C68-4DE2-BF32-DC34BBF74257}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{46B10BCB-1C77-4930-AC1A-9B44C204E4C3}" = rport=10243 | protocol=6 | dir=out | app=system | "{543D3FAC-2A9E-4CD9-9A99-5BFC68F1F85B}" = lport=137 | protocol=17 | dir=in | app=system | "{6034C6A4-1AC6-40E6-AA11-2E23CB0E878C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63BCFA0F-4ABA-47E0-A8D0-52FC39A9725A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6E7EB799-3FBA-484D-813A-F7971E11D3BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7120C5FF-7464-4598-864C-037EDDB5BF78}" = lport=445 | protocol=6 | dir=in | app=system | "{8DB1D16B-5D59-4DFD-81EB-E53062821FCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8F11F3A9-B47E-4870-A214-793D234E04E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{959142BA-C02E-471F-BC7D-74F008E6A24E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E887EB0-8724-466D-A2A7-E7BE4EF4931D}" = rport=137 | protocol=17 | dir=out | app=system | "{B090556E-D9D8-4CA2-B9E1-560745EE06BF}" = rport=445 | protocol=6 | dir=out | app=system | "{BC4BF9D1-229D-4070-A123-92781DD65B72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2373D68-DFC0-4E69-BD47-FCFEB8DBEB5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C25C6235-44E8-4E69-954F-12313D6B6069}" = rport=139 | protocol=6 | dir=out | app=system | "{C44488A8-12DF-41AD-860F-2B4F03575D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C46A7B07-169D-4A62-AFB9-CFD99A31BBF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C538E5BD-BE6D-4E07-89C0-165E95C1283C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C82314B7-BF08-43B0-9AD4-225438B8A46C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA03B4C2-2F87-42F9-9A03-7C7181D8BD1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CBEFD642-CDD7-4686-B640-83B8DD9F76B4}" = lport=138 | protocol=17 | dir=in | app=system | "{D3D6D13F-25B4-429E-B2AF-EF1AB8C2917D}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4A01AA5-79FA-46E1-80D0-E2A828C25041}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDC53626-2352-434C-84D2-2712C7F58CEB}" = lport=10243 | protocol=6 | dir=in | app=system | "{EFFB0496-B189-4F5C-B042-376C9B53C623}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9C3AA5B-9730-438B-850E-061430E7063A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CE87EA-8E09-4557-8307-ECA49E843779}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13DBD5DE-DCB9-4863-8335-FA7A05319A96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1674B41E-5E3F-48CA-955B-9B058730C42E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2035AD42-A7C4-46C4-BFF5-CE9F9B6C3C42}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2DEC7F54-1F8E-4098-9DF0-9A9CFB5DE53A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{30F4CC26-88FF-4432-9FAE-4B94C21CE65A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{3485C689-0F1D-49E3-86FD-7E75ABAECC8E}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe | "{34F8CAD8-AECF-442C-A635-244357CCF07D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{37B9AE8A-82A7-4931-A1DF-274527DEB56C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4009ED1F-4A45-4118-8030-17E72BC20849}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{40D0D57F-B024-4EA1-9DA8-0E013B9CCC95}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{434F4E96-B288-4864-BCB1-607C00C4129B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{444C8C5A-93E9-462C-8CC1-2C4EDD0B076E}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe | "{4C119829-F545-4020-A793-37C08838F2D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D404A52-1A4D-4A2D-A2EF-F58107E43264}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe | "{4D55C147-846A-4FC8-A1D2-31BF49F48782}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4D8D93CA-503E-4053-9850-3004FC1F692F}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe | "{5B76ABA8-ACCE-4F6E-8F02-3C74FA20E663}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{673E328A-C22D-4B0F-8C68-2715A8BB3338}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6983D4CC-8925-40D0-9E64-EB5F6AFEC43C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6C54AB5D-C014-4F77-BB10-A43509DC5044}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{70C2A02F-B96C-4AE1-B3A5-D61DC64A72C4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{80F4DA53-9963-4C08-AB8F-7A8F0B76CD78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CEB505F-B2DC-43E3-9D64-FDE9B2DB86F2}" = protocol=6 | dir=out | app=system | "{A0E4E55D-9D17-41D4-B5C1-3E6730EEAE25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A2C44D2F-36B3-4A83-9D78-D0935DD92733}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A2FB5EDA-A693-419A-82A0-0097B980B273}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A68D3DD4-9113-44FC-AE03-6D9A4F2D7E14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB08CE56-0C8E-4C24-8DF9-85E2ADB9E8AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA4FC591-7D37-4892-989F-E5ADD498BCD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F996804C-256C-49BB-8A12-1696A7706914}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{057D32FA-0F5C-4CDE-8881-EE6C0A6DB0F8}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "TCP Query User{080B1F89-AF31-4911-8DB0-49CBE7A0430A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{13FAAB15-62FC-4B13-81B9-61B135C5E45B}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "TCP Query User{1BF58912-C023-4987-849A-2CB6E475D8AA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{66D42141-5368-45A8-A5E5-DAC6D3D7E0F9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{82102EEA-C7C4-4171-939F-69A9D75FEC0C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{B93870ED-04BE-4537-B318-077252B786AB}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | "UDP Query User{45A15800-8E90-469A-B827-CD73A1B2A392}C:\program files (x86)\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dradio-recorder\phonostar.exe | "UDP Query User{6F67DBDE-96BC-4B05-80C4-FC1B7A11D636}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{C9C30112-42C3-4F39-83C4-9FD372C4F635}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{CF7396FC-6E08-48C1-BB17-E872EEE40C5C}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "UDP Query User{D19F606D-ABA8-4769-A04D-E579EB6DE0CD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{D435D445-2932-4667-9C21-6FCC8A48795E}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "UDP Query User{FC896D9C-44E1-4083-B38D-B953994BBB52}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager "{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 37 "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide "{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool "{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French "{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer "{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish "{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New "{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager "{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian "{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "ABC Amber Audio Converter" = ABC Amber Audio Converter "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Album Art Downloader XUI" = Album Art Downloader XUI 0.42.1 "Anki" = Anki "AudibleDownloadManager" = Audible Download Manager "AutoHotkey" = AutoHotkey 1.0.48.05 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "BUDNI Fotowelt" = BUDNI Fotowelt "Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "dradio-Recorder_is1" = dradio-Recorder Version 3.02.2 "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "FileZilla Client" = FileZilla Client 3.5.1 "Freemake Video Converter_is1" = Freemake Video Converter Version 2.4.0 "HD Tune_is1" = HD Tune 2.55 "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49a "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SFT_de3 Toolbar" = SFT_de3 Toolbar "Some Text to PDF Converter_is1" = Some Text to PDF Converter 1.5 "Soulseek2" = SoulSeek 157 NS 13e "splashtop" = Quick Web Access "Taschenrechner_is1" = Taschenrechner 1.2 "TeamViewer 7" = TeamViewer 7 "TreeSize Free_is1" = TreeSize Free V2.4 "VAIO Help and Support" = "VAIO Premium Partners" = VAIO Premium Partners "VAIO screensaver" = VAIO screensaver "VLC media player" = VLC media player 2.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Four Pillars & Feng Shui" = Four Pillars & Feng Shui "TwistedBrush Open Studio" = TwistedBrush Open Studio ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 7040 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 7042 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 9002 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 3029 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 3029 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 3028 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 3058 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Windows Search Service | ID = 7010 Description = Error - 31.10.2012 05:21:45 | Computer Name = sony | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\dradio-recorder\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.11.2012 06:06:40 | Computer Name = sony | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\dradio-recorder\phonostar.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ Media Center Events ] Error - 21.11.2010 14:17:31 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 19:17:31 - Fehler beim Herstellen der Internetverbindung. 19:17:31 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 14:17:44 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 19:17:40 - Fehler beim Herstellen der Internetverbindung. 19:17:40 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 15:18:05 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 20:18:05 - Fehler beim Herstellen der Internetverbindung. 20:18:05 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 15:18:11 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 20:18:10 - Fehler beim Herstellen der Internetverbindung. 20:18:10 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 16:18:18 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 21:18:18 - Fehler beim Herstellen der Internetverbindung. 21:18:18 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 16:18:24 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 21:18:23 - Fehler beim Herstellen der Internetverbindung. 21:18:23 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 17:18:47 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 22:18:47 - Fehler beim Herstellen der Internetverbindung. 22:18:47 - Serververbindung konnte nicht hergestellt werden.. Error - 21.11.2010 17:18:53 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 22:18:52 - Fehler beim Herstellen der Internetverbindung. 22:18:52 - Serververbindung konnte nicht hergestellt werden.. Error - 22.11.2010 13:57:14 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 18:57:14 - Fehler beim Herstellen der Internetverbindung. 18:57:14 - Serververbindung konnte nicht hergestellt werden.. Error - 22.11.2010 13:57:23 | Computer Name = sony | Source = MCUpdate | ID = 0 Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung. 18:57:20 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 01.10.2012 11:26:53 | Computer Name = sony | Source = WMPNetworkSvc | ID = 866300 Description = Error - 14.10.2012 17:26:20 | Computer Name = sony | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 15.10.2012 03:24:54 | Computer Name = sony | Source = DCOM | ID = 10010 Description = Error - 16.10.2012 14:53:23 | Computer Name = sony | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 16.10.2012 15:13:25 | Computer Name = sony | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 19.10.2012 03:36:12 | Computer Name = sony | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0) Error - 28.10.2012 04:20:01 | Computer Name = sony | Source = WMPNetworkSvc | ID = 866300 Description = Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 31.10.2012 03:37:16 | Computer Name = sony | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 31.10.2012 04:09:48 | Computer Name = sony | Source = Service Control Manager | ID = 7030 Description = Der Dienst "VirusKeeper antivirus/antispyware" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > OTL logfile created on: 03.11.2012 21:03:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lostinmusic\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,75% Memory free 7,71 Gb Paging File | 5,99 Gb Available in Paging File | 77,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 64,43 Gb Total Space | 19,03 Gb Free Space | 29,53% Space Free | Partition Type: NTFS Drive I: | 390,20 Gb Total Space | 380,28 Gb Free Space | 97,46% Space Free | Partition Type: NTFS Computer Name: SONY | User Name: lostinmusic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.03 21:02:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lostinmusic\Desktop\OTL.exe PRC - [2012.10.26 23:32:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.14 13:24:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.08 08:56:31 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.08 08:56:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 08:56:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.10.26 23:32:29 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.13 16:59:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 16:43:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.11 19:51:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 07:32:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 07:32:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 07:32:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 07:32:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.18 04:41:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 07:55:08 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.26 23:32:29 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 19:47:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 08:56:31 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.08 08:56:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 08:56:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.11.30 18:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.10.15 15:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.10.15 15:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.10.15 15:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.10.15 15:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.10.15 15:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.09.16 12:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 17:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2009.09.04 21:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.09.01 20:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.08.31 00:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.31 00:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.08 08:56:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 08:56:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 15:00:35 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 07:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.11.04 10:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.conduit.com?SearchSo [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {F380B665-1FC4-48F9-B38C-C7496DEB5601} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747 IE - HKCU\..\SearchScopes\{4A6CF1B5-3004-49B0-AB23-1F2C500FCC13}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{61CD8DED-4C5B-48EE-8E06-B08AF2559311}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{92830975-6F50-4D9A-AC39-2612869FE5E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=8799ece6-6bbf-4113-b618-b587a9f1df21&apn_sauid=0F89D229-1E09-445D-9B53-10D4B677D4A1 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\..\SearchScopes\{E4766602-A5B1-40FE-A5CC-E8CC1A624B18}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\..\SearchScopes\{F380B665-1FC4-48F9-B38C-C7496DEB5601}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE396 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6 FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=8799ece6-6bbf-4113-b618-b587a9f1df21&apn_ptnrs=%5EABT&apn_sauid=0F89D229-1E09-445D-9B53-10D4B677D4A1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 23:32:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.03 17:32:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.10.23 16:18:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\lostinmusic\AppData\Roaming\Mozilla\Firefox\Profiles\p6mwqnuu.default\extensions\mail@shopping-preise.de FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 23:32:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.03 17:32:20 | 000,000,000 | ---D | M] [2012.04.22 14:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Extensions [2012.04.22 14:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.03 17:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions [2012.11.03 17:05:49 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.08.13 15:21:15 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\fb_add_on@avm.de [2012.08.23 22:13:23 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\toolbar@ask.com [2012.08.27 20:00:41 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2012.11.03 17:05:48 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.23 22:13:23 | 000,002,344 | ---- | M] () -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\searchplugins\askcom.xml [2012.08.17 16:01:59 | 000,001,998 | ---- | M] () -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\searchplugins\discogs.xml [2012.10.28 15:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.26 23:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.10.26 23:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.28 15:03:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.26 23:32:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 22:43:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 08:46:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2012.06.22 22:43:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.24 21:11:23 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.06.22 22:43:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 22:43:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 22:43:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ttunmxgv] "C:\Users\lostinmusic\AppData\Local\ieqdkdco.exe" File not found O4 - HKCU..\Run: [ukrwjqqt] "C:\Users\lostinmusic\AppData\Local\dxhcjccf.exe" File not found O4 - HKCU..\Run: [uoesjubn] "C:\Users\lostinmusic\AppData\Local\nnirijah.exe" File not found O4 - Startup: C:\Users\lostinmusic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O4 - Startup: C:\Users\lostinmusic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 21:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lostinmusic\Desktop\OTL.exe [2012.11.03 20:08:29 | 000,000,000 | ---D | C] -- C:\Users\lostinmusic\AppData\Local\AskToolbar [2012.11.03 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\lostinmusic\AppData\Roaming\Malwarebytes [2012.11.03 17:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.03 17:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.03 17:24:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.03 17:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.03 17:05:53 | 000,000,000 | ---D | C] -- C:\Users\lostinmusic\AppData\Roaming\QuickScan [2012.10.30 23:12:23 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.30 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.10.28 15:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.26 23:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\lostinmusic\AppData\Local\CDRip.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\lostinmusic\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\lostinmusic\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\lostinmusic\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.03 21:02:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lostinmusic\Desktop\OTL.exe [2012.11.03 21:01:02 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 21:01:02 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 20:58:54 | 000,000,000 | ---- | M] () -- C:\Users\lostinmusic\defogger_reenable [2012.11.03 20:57:57 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.03 20:57:57 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.03 20:57:57 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.03 20:57:57 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.03 20:57:57 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.03 20:57:28 | 000,050,477 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Defogger.exe [2012.11.03 20:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 20:52:52 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 20:50:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.03 20:50:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.03 20:47:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 17:24:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.30 23:12:23 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.22 20:11:56 | 000,019,216 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Schreiben an Frau Niehus 20.10.2012.sxw [2012.10.22 08:13:05 | 000,245,521 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Vor_Rückseite_Flyer_Mit Seitenzahlen.odt [2012.10.14 21:13:15 | 000,021,006 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Want List.sxw [2012.10.08 19:43:30 | 000,513,639 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Abschlussarbeit Deckblatt.odt [2012.10.05 08:33:57 | 000,059,392 | ---- | M] () -- C:\Users\lostinmusic\AppData\Local\peljeahv [2012.10.05 08:33:22 | 000,000,000 | ---- | M] () -- C:\Users\lostinmusic\AppData\Roaming\SharedSettings.ccs [2012.10.05 08:32:50 | 000,118,506 | ---- | M] () -- C:\Users\lostinmusic\AppData\Local\secklgwo.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.03 20:58:54 | 000,000,000 | ---- | C] () -- C:\Users\lostinmusic\defogger_reenable [2012.11.03 20:57:24 | 000,050,477 | ---- | C] () -- C:\Users\lostinmusic\Desktop\Defogger.exe [2012.11.03 20:50:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.11.03 20:50:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.11.03 17:24:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.22 08:13:05 | 000,245,521 | ---- | C] () -- C:\Users\lostinmusic\Desktop\Vor_Rückseite_Flyer_Mit Seitenzahlen.odt [2012.10.08 19:43:28 | 000,513,639 | ---- | C] () -- C:\Users\lostinmusic\Desktop\Abschlussarbeit Deckblatt.odt [2012.10.05 08:33:57 | 000,059,392 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\peljeahv [2012.10.05 08:33:22 | 000,000,000 | ---- | C] () -- C:\Users\lostinmusic\AppData\Roaming\SharedSettings.ccs [2012.10.05 08:32:50 | 000,118,506 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\secklgwo.exe [2012.09.27 09:20:05 | 000,070,144 | ---- | C] () -- C:\Users\lostinmusic\PICT0228.JPG [2012.04.06 06:41:53 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.23 18:05:04 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.26 22:54:57 | 000,001,483 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\RecConfig.xml [2011.01.04 17:04:53 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\pcomaomi.dll [2010.09.20 00:52:13 | 000,007,604 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\Resmon.ResmonCfg [2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\lame_enc.dll [2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\ogg.dll [2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.09.22 21:52:15 | 000,000,000 | -HSD | M] -- C:\Users\lostinmusic\AppData\Roaming\.# [2012.09.25 10:18:29 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\.anki [2012.03.12 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Auslogics [2012.01.13 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012.10.28 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\BOM [2012.01.06 11:15:58 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Canneverbe Limited [2012.02.10 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\CD Art Display [2010.09.13 11:19:59 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\DIMAGE [2012.04.06 06:43:05 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\DVDVideoSoft [2011.09.09 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\FileZilla [2010.10.04 16:19:00 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\foobar2000 [2010.10.04 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Gutscheinmieze [2010.09.22 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\JAM Software [2011.11.26 17:50:30 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Mp3tag [2011.02.03 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\NCH Swift Sound [2010.12.08 13:55:15 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Notepad++ [2010.09.11 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\OpenOffice.org [2010.09.12 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Opera [2011.10.19 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\phonostar GmbH [2012.11.03 17:05:58 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\QuickScan [2012.10.22 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\SoftGrid Client [2010.09.21 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\TeamViewer [2010.10.23 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Thunderbird [2010.10.13 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\TP [2010.10.23 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > Hier jetzt der Inhalt einer der angesprochenen Mails: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed: <hayjay3@yahoom.com> --- The header of the original message is following. --- Received: from SUPERSTAR11 ([194.17.45.20]) by smtp.web.de (mrweb002) with ESMTPSA (Nemesis) id 0LopMx-1SsnsS17ZD-00gJxX for <hayjay3@yahoom.com>; Tue, 30 Oct 2012 19:16:31 +0100 Date: 30 Oct 2012 19:10:9 From: UPS 557 <norbertennen@web.de> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-Priority: 3 (Normal) To: <hayjay3@yahoom.com> Subject: Delivery problem # Error ID6041 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit Message-ID: <0MAdb9-1Tf77U25k3-00BMv9@smtp.web.de> X-Provags-ID: V02:K0:cK/l0auTIW+E1ha60S4LnUlcIpqCLKApKHjWSp0bZS9 LgdTPTcNDP9ZxhmLs/sZJRgKbcvgmNSofm35TnrZnUw/VAopv4 87BswOvcDnyona5qCcGVGP4y0zxOw40aZqK2BvTN0lxoRbArPe g1GQjxKHkFvAYwG6DKNtrevNmwEpGQyNK0XxJmwujIRmrI1im/ KiAYXpcXFjhu1lU9U+//A== Ich hoffe, Ihr wisst Rat. Schon mal vielen Dank im Voraus. Beste Grüße Norbert |
|
03.11.2012, 21:46
| #2 |
| /// Malware-holic   | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! hi
__________________nutzt du den pc für onlinebanking zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________ |
|
03.11.2012, 22:38
| #3 |
| | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! hi markus, ich nutze den pc für onlinebanking und bin auch bei paypal aktiv.
__________________gruß norbert soeben neue email bekommen: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed: <sammyxd@tnx.com> --- The header of the original message is following. --- Received: from SUPERSTAR11 ([194.17.45.20]) by smtp.web.de (mrweb002) with ESMTPSA (Nemesis) id 0MaJc8-1Tn7dT0ddw-00KPau for <sammyxd@tnx.com>; Tue, 30 Oct 2012 19:16:59 +0100 Date: 30 Oct 2012 19:10:37 From: UPS 557 <norbertennen@web.de> X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-Priority: 3 (Normal) To: <sammyxd@tnx.com> Subject: Delivery problem # Error ID6041 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit Message-ID: <0LfRiT-1T15IA1c4n-00pdcD@smtp.web.de> X-Provags-ID: V02:K0:LoMpWY8MydvMTFze3LvDlSqduI702Bijk6x5Wv9GIgv axEAwK7PbcKAUv1BYr7wEnWj1cwx2d9CEEYVwi3zbS/aFy9CAp SALY8xV5QVbKHuc+sTF4G9jmbIrEbWzLM4nUUY2mI/wYgqBvTU m0WfIDrsaq51GhLLWJJp2QPYq5LtcF6sFHYNnkxqgJpvdrtNV6 iiBruKJCUIMpEc1ePRFkQ== |
|
03.11.2012, 22:40
| #4 |
| /// Malware-holic | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! ok, ich sehe zumindest überreste alter malware. bitte rufe deine bank an, notfall nummer: 116 116 und lasse es sperren und dir neue daten senden. da du mit dem pc sensible dinge durchführst setzen wir ihn neu auf der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.11.2012, 23:16
| #5 |
| | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! Online banking gestoppt, Visa-Karte gesperrt. Was mache ich mit paypal? |
|
03.11.2012, 23:27
| #6 |
| /// Malware-holic | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! auf jeden fall, wenn der pc neu aufgesetzt ist, passwort endern, gilt für alle dienste, die du online nutzt. auch die passwort vergessen abfrage endern. konto bewegungen im auge behalten, aber das ist ja sowieso immer ratsam. und nu, daten sichern
__________________ --> Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! |
|
03.11.2012, 23:32
| #7 |
| | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! pc neu aufsetzen mache ich lieber morgen mit einem freund, der ahnung hat. das ist mir definitiv zu tricky. |
|
04.11.2012, 00:37
| #8 |
| /// Malware-holic | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! auf jeden fall melden, wegen der absicherung, und, beim neu aufsetzen, zugicken, denn nur so lehrnt man was und ist nicht auf andere angewiesen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.12.2012, 18:02
| #9 |
| | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! Hallo, da bin ich nach langer Zeit wieder. System wurde noch nicht neu aufgesetzt, weil Kumpel zu busy. Habe aber nach unserer letzten Korespondenz keine besagten Emails mehr bekommen. Online-Banking habe ich seitdem trotzdem gelassen. Lt mailwarebytes ist der Rechner sauber. Schicke Dir die kompletten Scans hier: Gruß Norbert Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.10.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 lostinmusic :: SONY [Administrator] 10.12.2012 14:52:40 mbam-log-2012-12-10 (14-52-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|I:\|J:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 404414 Laufzeit: 1 Stunde(n), 31 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.12.2012 17:14:02 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lostinmusic\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 53,48% Memory free 7,71 Gb Paging File | 5,78 Gb Available in Paging File | 74,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 64,43 Gb Total Space | 15,29 Gb Free Space | 23,74% Space Free | Partition Type: NTFS Drive I: | 390,20 Gb Total Space | 380,31 Gb Free Space | 97,47% Space Free | Partition Type: NTFS Computer Name: SONY | User Name: lostinmusic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.06 16:28:22 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.03 21:02:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lostinmusic\Desktop\OTL.exe PRC - [2012.10.09 19:47:20 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012.08.14 13:24:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.08 08:56:31 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.08 08:56:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 08:56:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.11.20 07:58:20 | 002,557,296 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.12.06 16:28:22 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.16 19:07:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 19:07:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 19:07:15 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 19:06:56 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 19:06:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 19:06:52 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 19:06:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.10.09 19:47:20 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.18 04:41:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 07:55:08 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.06 16:28:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 19:47:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 08:56:31 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.08 08:56:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 08:56:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.11.30 18:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.10.15 15:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.10.15 15:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.10.15 15:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.10.15 15:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.10.15 15:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.09.16 12:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 17:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2009.09.04 21:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.09.01 20:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2009.08.31 00:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.31 00:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.08 08:56:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 08:56:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 15:00:35 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 07:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.11.04 10:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.conduit.com?SearchSo [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {F380B665-1FC4-48F9-B38C-C7496DEB5601} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747 IE - HKCU\..\SearchScopes\{4A6CF1B5-3004-49B0-AB23-1F2C500FCC13}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{61CD8DED-4C5B-48EE-8E06-B08AF2559311}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{92830975-6F50-4D9A-AC39-2612869FE5E1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=8799ece6-6bbf-4113-b618-b587a9f1df21&apn_sauid=0F89D229-1E09-445D-9B53-10D4B677D4A1 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\..\SearchScopes\{E4766602-A5B1-40FE-A5CC-E8CC1A624B18}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\..\SearchScopes\{F380B665-1FC4-48F9-B38C-C7496DEB5601}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE396 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3 FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=8799ece6-6bbf-4113-b618-b587a9f1df21&apn_ptnrs=%5EABT&apn_sauid=0F89D229-1E09-445D-9B53-10D4B677D4A1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:28:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 16:28:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.10.23 16:18:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\lostinmusic\AppData\Roaming\Mozilla\Firefox\Profiles\p6mwqnuu.default\extensions\mail@shopping-preise.de FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:28:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 16:28:19 | 000,000,000 | ---D | M] [2012.04.22 14:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Extensions [2012.04.22 14:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.05 13:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions [2012.11.03 17:05:49 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.08.13 15:21:15 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\fb_add_on@avm.de [2012.08.23 22:13:23 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\Firefox\Profiles\qkzm1u07.default\extensions\toolbar@ask.com [2012.08.27 20:00:41 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2012.12.05 13:02:00 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.23 22:13:23 | 000,002,344 | ---- | M] () -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\searchplugins\askcom.xml [2012.08.17 16:01:59 | 000,001,998 | ---- | M] () -- C:\Users\lostinmusic\AppData\Roaming\mozilla\firefox\profiles\qkzm1u07.default\searchplugins\discogs.xml [2012.12.06 16:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 16:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.12.06 16:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 16:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.06 16:28:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 22:43:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 08:46:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2012.06.22 22:43:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.24 21:11:23 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.06.22 22:43:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 22:43:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 22:43:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ttunmxgv] "C:\Users\lostinmusic\AppData\Local\ieqdkdco.exe" File not found O4 - HKCU..\Run: [ukrwjqqt] "C:\Users\lostinmusic\AppData\Local\dxhcjccf.exe" File not found O4 - HKCU..\Run: [uoesjubn] "C:\Users\lostinmusic\AppData\Local\nnirijah.exe" File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\lostinmusic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O4 - Startup: C:\Users\lostinmusic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.10 14:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.10 14:51:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.10 14:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.07 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\lostinmusic\Documents\Amazon MP3 [2012.12.07 10:49:40 | 000,000,000 | ---D | C] -- C:\Users\lostinmusic\AppData\Roaming\Amazon [2012.12.07 10:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.12.07 10:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2012.12.06 16:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\lostinmusic\AppData\Local\CDRip.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\lostinmusic\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\lostinmusic\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\lostinmusic\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.10 16:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.10 14:51:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 14:30:41 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.10 14:30:41 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.10 14:30:41 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.10 14:30:41 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.10 14:30:41 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.10 13:36:05 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.10 13:36:05 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.10 13:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.10 13:27:13 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2012.12.09 20:51:06 | 000,459,371 | ---- | M] () -- C:\Users\lostinmusic\Desktop\dating cafe 3 brille.JPG [2012.12.09 20:47:07 | 000,543,207 | ---- | M] () -- C:\Users\lostinmusic\Desktop\dating cafe 2.JPG [2012.12.09 20:46:06 | 000,502,453 | ---- | M] () -- C:\Users\lostinmusic\Desktop\dating cafe 1.JPG [2012.12.07 17:44:45 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.12.05 13:01:24 | 000,021,152 | ---- | M] () -- C:\Users\lostinmusic\Desktop\Want List.sxw [2012.11.19 15:21:22 | 000,001,483 | ---- | M] () -- C:\Users\lostinmusic\AppData\Local\RecConfig.xml [2012.11.16 19:01:11 | 000,326,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.10 14:51:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.09 20:51:05 | 000,459,371 | ---- | C] () -- C:\Users\lostinmusic\Desktop\dating cafe 3 brille.JPG [2012.12.09 20:47:06 | 000,543,207 | ---- | C] () -- C:\Users\lostinmusic\Desktop\dating cafe 2.JPG [2012.12.09 20:46:06 | 000,502,453 | ---- | C] () -- C:\Users\lostinmusic\Desktop\dating cafe 1.JPG [2012.11.16 11:59:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 11:52:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.03 20:58:54 | 000,000,000 | ---- | C] () -- C:\Users\lostinmusic\defogger_reenable [2012.10.05 08:33:57 | 000,059,392 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\peljeahv [2012.10.05 08:33:22 | 000,000,000 | ---- | C] () -- C:\Users\lostinmusic\AppData\Roaming\SharedSettings.ccs [2012.10.05 08:32:50 | 000,118,506 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\secklgwo.exe [2012.04.06 06:41:53 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.23 18:05:04 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.26 22:54:57 | 000,001,483 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\RecConfig.xml [2011.01.04 17:04:53 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\pcomaomi.dll [2010.09.20 00:52:13 | 000,007,604 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\Resmon.ResmonCfg [2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\lame_enc.dll [2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\ogg.dll [2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\lostinmusic\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.09.22 21:52:15 | 000,000,000 | -HSD | M] -- C:\Users\lostinmusic\AppData\Roaming\.# [2012.09.25 10:18:29 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\.anki [2012.12.07 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Amazon [2012.03.12 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Auslogics [2012.01.13 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012.12.06 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\BOM [2012.01.06 11:15:58 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Canneverbe Limited [2012.02.10 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\CD Art Display [2010.09.13 11:19:59 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\DIMAGE [2012.04.06 06:43:05 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\DVDVideoSoft [2011.09.09 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\FileZilla [2010.10.04 16:19:00 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\foobar2000 [2010.10.04 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Gutscheinmieze [2010.09.22 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\JAM Software [2011.11.26 17:50:30 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Mp3tag [2011.02.03 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\NCH Swift Sound [2010.12.08 13:55:15 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Notepad++ [2010.09.11 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\OpenOffice.org [2010.09.12 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Opera [2011.10.19 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\phonostar GmbH [2012.12.02 09:49:04 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\QuickScan [2012.11.29 18:35:33 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\SoftGrid Client [2010.09.21 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\TeamViewer [2010.10.23 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Thunderbird [2010.10.13 19:37:14 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\TP [2010.10.23 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\lostinmusic\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > |
|
13.12.2012, 15:24
| #10 |
| /// Malware-holic | Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! Wie gesagt, den betroffenen PC auf jeden fall formatieren. da brauchst du keine neuen Logs mehr erstellen, lieber die Zeit sinnvoll nutzen :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de! |
| 7-zip, autorun, avira, avira searchfree toolbar, bho, canon, converter, downloader, error, failed, fehler, flash player, format, home, install.exe, intranet, jdownloader, logfile, mail delivery, mail delivery failed, malware, microsoft office starter 2010, mozilla, mp3, nemesis, nicht möglich, plug-in, realtek, registry, richtlinie, rundll, scan, security, server, software, spam-emails, svchost.exe, udp, updates, version., windows, winload toolbar |
Linear-Darstellung
