Pests of all kinds and how to fight them: The GVU Trojan got me too (Windows 7)
#1
The GVU Trojan got me too

Hello everyone! I urgently need your help! Since this is my first contact with the board, I am of course trying to follow the rules. If (unintentionally!) that is not the case, please let me know.

What happened: I was browsing blogs looking for a tutorial for an art project. Suddenly my PC prompted me to run Win32 (or something like that) again. Since nothing else would have worked otherwise, I did so. After that my desktop was empty at first, and after a while all I could see was this GVU window demanding that I pay 100 € because I had apparently violated copyright. In the top right they always show the IP and location and so on, but since that was wrong I knew it couldn't be genuine and searched the internet with my iPhone.

What I did afterwards: I immediately searched the internet for solutions with my iPhone. I cut the internet connection on my laptop and rebooted first. That didn't work. I shut the laptop down again and then booted just into Safe Mode; that didn't work either. Then I rebooted again and restarted in Safe Mode with Command Prompt. Then I entered rstrui.exe and selected yesterday's system restore point. After that I downloaded Malwarebytes Anti-Malware from another PC, copied it onto my laptop and ran it. I removed the files it found via Malwarebytes. I did not delete anything from my PC myself. I did, however, briefly enable the internet to update Malwarebytes. Then I cut the internet again. As a precaution I copied my data to an external hard drive, and now I need your help!!! Is the Trojan gone now, or what do I have to do so that the thing disappears and doesn't come back?

Which free antivirus program should I install? I don't trust Avast anymore. Do I have to / should I format my laptop now? HELP!

Here is what Anti-Malware gave me:
```text
Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2013.01.02.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jassi :: JASSI-PC [Administrator]

02.01.2013 23:54:07
mbam-log-2013-01-02 (23-54-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392921
Laufzeit: 1 Stunde(n), 29 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Jassi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\ab12932-23aad4aa (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
```

And here is the OTL.txt file:
```text
OTL logfile created on: 03.01.2013 11:33:18 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\Jassi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,15% Memory free
6,14 Gb Paging File | 4,84 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 191,53 Gb Free Space | 66,45% Space Free | Partition Type: NTFS

Computer Name: JASSI-PC | User Name: Jassi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jassi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\eca677743544906340bc26d89c2538e4\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6be544795f68114304a2efdd502a52f0\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\68c89abe0ec8381863d6bb18539504f9\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\949339bed597380b8fb6dd2dc97d8006\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2d737eebab3321e31bf20296d04a0e1a\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fb3f7dcfc0e32eb2db9d481ae090714c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\\SPMCommon.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin)

========== Driver Services (SafeList) ==========

DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (CoachVid) -- system32\DRIVERS\CoachVid.sys File not found
DRV - (CoachUsb) -- system32\DRIVERS\CoachUsb.sys File not found
DRV - (CoachAud) -- system32\DRIVERS\CoachAud.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{697394D2-244D-45CF-A7E5-3EAFEDC4E0F1}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=6505DA5D-0574-413F-951A-17FB3A8AF4DA&apn_sauid=18D1F705-861B-49EC-B64E-856198D5291F
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://{searchTerms}
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\SearchScopes\{B696C65C-3685-49DC-892C-00E33EEF6056}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: runtime%40panda3d.org:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1456
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version= C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jassi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jassi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jassi\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jassi\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jassi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.15 22:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.22 16:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 18:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.22 11:48:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 18:18:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.22 11:48:57 | 000,000,000 | ---D | M]

[2010.04.22 21:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\Extensions
[2010.04.22 21:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.10.23 05:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions
[2010.07.22 14:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 17:22:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.11 17:58:19 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.04.07 18:17:56 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions\personas@christopher.beard
[2010.12.04 14:47:26 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\Jassi\AppData\Roaming\mozilla\Firefox\Profiles\az0usrro.default\extensions\runtime@panda3d.org
[2012.07.14 11:08:49 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\firefox\profiles\az0usrro.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.07.25 19:15:18 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\firefox\profiles\az0usrro.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.07.25 17:24:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jassi\AppData\Roaming\mozilla\firefox\profiles\az0usrro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 18:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.07 18:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2012.07.22 16:04:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.12.07 18:18:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.27 11:38:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.28 21:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:14:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.28 21:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 21:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.28 21:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 21:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jassi\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jassi\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jassi\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jassi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jassi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jassi\AppData\Local\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Jassi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus (Beta) = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Cr!Box = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp\2.3_0\
CHR - Extension: avast! WebRep = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Cath Kidston = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\\
CHR - Extension: Google Mail = C:\Users\Jassi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011.07.16 17:45:02 | 000,001,079 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: activate.adobe.com
O1 - Hosts: practivate.adobe.com
O1 - Hosts: adobeereg.com
O1 - Hosts: hxxp://www.adobeereg.com
O1 - Hosts: activate.adobe.com
O1 - Hosts: activate-sea.adobe.com
O1 - Hosts: activate-sjc0.adobe.com
O1 - Hosts: wwis-dubc1-vip60.adobe.com
O1 - Hosts:
O1 - Hosts: activate.adobe.com:443
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1EC8ABF-FA11-4324-8D15-4E7AA4EAC517}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB88951-945D-4CFC-B9DA-725BBC986932}: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Jassi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jassi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25739117-062f-11df-a959-00040ec71fa3}\Shell - "" = AutoRun
O33 - MountPoints2\{25739117-062f-11df-a959-00040ec71fa3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2657909668-988653911-2728934829-1000\...exe [@ = exefile] -- Reg Error: Key error.
```
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{4ADD37CE-9D48-4EFE-A409-5EEF9D71FC8C} [2013.01.02 23:37:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jassi\Desktop\OTL.exe [2013.01.02 21:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.02 21:41:14 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.02 21:40:42 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{8AC7B44D-7A1D-4BF9-815A-199D24788057} [2013.01.02 16:48:06 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{18115577-CB1A-426E-B170-411CD188DF0C} [2013.01.01 12:53:01 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{F86D58C0-DBB8-4071-92A1-28242F06B8C2} [2012.12.31 11:51:15 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{C5043F0C-BE3C-4D35-B280-1074755358A5} [2012.12.30 12:34:29 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{F825691F-DF37-4C43-9F08-A9434BF02D5F} [2012.12.29 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{EB07E7CC-08C2-473F-A5CF-03A6016064A7} [2012.12.29 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{9C2612F3-5EAC-4AB1-AA4B-16086E5DF86A} [2012.12.28 17:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{37C921FB-EFF8-47C8-912B-1F1A8C03D396} [2012.12.27 11:30:54 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{3E2351D5-0B71-445C-A643-8DC79BA82CF1} [2012.12.26 12:19:13 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{E2FD5D47-DC88-4B10-B441-CB04700EE69C} [2012.12.25 09:42:13 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{73B844DF-A765-4391-8281-2E335704E59C} [2012.12.24 
13:58:16 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{E8A418DA-D31B-4DC7-B203-6B86976D6742} [2012.12.23 11:42:06 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{3E9F6A46-8FA0-4EBA-89B5-25232EDD5D2F} [2012.12.22 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{EA6B6CB1-2D80-4730-8588-3E726C00D48A} [2012.12.22 11:20:41 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 11:20:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.21 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{35BFD100-C64D-49C7-9B3E-9FCAF9007229} [2012.12.20 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{48FAEABD-5922-4296-B73A-B45BFC328554} [2012.12.19 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{789241A1-ACD9-4C48-ABAC-1613957B82AD} [2012.12.18 18:42:10 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{C5743928-084C-4EB2-B2B9-156210BC2994} [2012.12.18 06:41:43 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{040A1771-E749-45C2-9E68-DE5EA45DA29C} [2012.12.17 18:43:51 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{BB159D44-574C-4C7E-BB7E-613641934E01} [2012.12.16 11:17:59 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{7A6722B2-5E9E-4AA1-A588-DD96B072C67B} [2012.12.15 23:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{E34B2814-9BBC-4C51-99EB-FD124AE9E8BA} [2012.12.15 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{DF2AB196-29EF-44A7-8308-1770CD00C4CA} [2012.12.14 17:42:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.14 17:42:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.14 17:42:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.14 17:42:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeeds.dll [2012.12.14 17:42:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.14 17:42:53 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.14 17:42:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.14 17:42:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.14 17:38:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.12.14 17:38:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012.12.14 17:38:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.12.14 17:38:08 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.12.14 17:38:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.12.14 17:37:56 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.12.14 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{F61C7145-275D-4627-96C8-BBE1046FCD0F} [2012.12.13 19:10:47 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.13 19:10:43 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.13 19:10:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012.12.13 19:10:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.13 19:09:27 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{44F8777A-47CF-41F3-8325-B61FAB3D866F} [2012.12.12 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{339C75D5-EC92-4947-84EB-730AB737A63E} [2012.12.11 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{EEB7BB48-9DDD-431A-9C4F-4F34D80A15DA} 
[2012.12.10 17:23:14 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{BBECD7DA-BB0B-4F7B-A590-F9BB798FBB6A} [2012.12.09 12:14:48 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{7FC2DB1E-E94C-468C-BDFB-E86CB05C747A} [2012.12.08 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{C81355EF-C366-4310-919F-CB8316D310D4} [2012.12.07 18:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.07 17:59:53 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{34FE5110-C356-4B27-BC71-A6A41BA0C65E} [2012.12.06 18:11:50 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{92B7C7EB-1823-4A68-99C6-028F2E77FC71} [2012.12.05 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{36C92F7E-133C-4DD6-9363-DFA18985BF1A} [2012.12.04 18:39:28 | 000,000,000 | ---D | C] -- C:\Users\Jassi\AppData\Local\{01733B56-7B08-4E40-93FC-238B0F1A6F52} [2012.03.04 12:10:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jassi\AppData\Roaming\pcouffin.sys [2009.12.03 18:37:58 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeBDAB.dll [2009.12.03 12:05:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFD91.dll ========== Files - Modified Within 30 Days ========== [2013.01.03 11:28:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657909668-988653911-2728934829-1000UA.job [2013.01.03 11:26:13 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.01.03 11:25:02 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 11:25:02 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 11:24:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.03 11:24:47 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys [2013.01.03 01:24:02 | 000,000,884 | ---- | 
M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.03 00:19:21 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.03 00:19:21 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.03 00:19:21 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.03 00:19:21 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.02 21:48:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jassi\Desktop\OTL.exe [2013.01.02 21:41:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.02 21:10:16 | 000,166,400 | ---- | M] () -- C:\Users\Jassi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.02 20:56:37 | 000,000,039 | ---- | M] () -- C:\Windows\Irremote.ini [2013.01.02 20:28:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657909668-988653911-2728934829-1000Core.job [2013.01.02 18:28:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.12.22 11:26:54 | 002,383,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.12 19:26:04 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.12 19:26:04 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.01.02 21:41:18 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.02 18:27:08 | 3186,659,328 | -HS- | C] () -- C:\hiberfil.sys [2012.12.22 11:48:57 | 000,001,804 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.12.14 17:38:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 17:38:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.07.03 19:20:50 | 000,238,853 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.03.04 12:10:18 | 000,087,608 | ---- | C] () -- C:\Users\Jassi\AppData\Roaming\inst.exe [2012.03.04 12:10:18 | 000,007,887 | ---- | C] () -- C:\Users\Jassi\AppData\Roaming\pcouffin.cat [2012.03.04 12:10:18 | 000,001,144 | ---- | C] () -- C:\Users\Jassi\AppData\Roaming\pcouffin.inf [2011.07.06 22:42:19 | 000,001,471 | ---- | C] () -- C:\Users\Jassi\.recently-used.xbel [2010.08.30 17:35:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.06.18 12:31:09 | 000,017,408 | ---- | C] () -- C:\Users\Jassi\AppData\Local\WebpageIcons.db [2010.04.24 00:30:05 | 000,012,590 | -HS- | C] () -- C:\Users\Jassi\AppData\Local\26KuBWr6C [2010.04.24 00:30:05 | 000,012,590 | -HS- | C] () -- C:\ProgramData\26KuBWr6C [2010.04.04 11:34:06 | 000,012,416 | -HS- | C] () -- C:\ProgramData\7VJ5 [2010.04.03 21:17:08 | 000,001,012 | -HS- | C] () -- C:\ProgramData\1717900296 [2010.04.03 20:31:48 | 000,012,416 | -HS- | C] () -- C:\Users\Jassi\AppData\Local\7VJ5 [2010.03.06 21:06:42 | 000,010,288 | -HS- | C] () -- C:\Users\Jassi\AppData\Local\nO4L [2010.01.15 12:34:52 | 000,000,235 | ---- | C] () -- C:\Users\Jassi\AppData\Roaming\devices.xml [2010.01.15 12:34:52 | 000,000,012 | ---- | C] () -- C:\Users\Jassi\AppData\Roaming\settings.xml [2009.12.31 13:48:24 | 000,000,371 | -H-- | C] () -- C:\Users\Jassi\Dokumente - Verknüpfung.lnk [2009.12.17 13:41:29 | 000,000,680 | ---- | C] () -- C:\Users\Jassi\AppData\Local\d3d9caps.dat [2009.12.09 13:55:20 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.12.06 19:39:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.01 
21:38:58 | 000,166,400 | ---- | C] () -- C:\Users\Jassi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.01.09 19:03:54 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\1&1 [2010.04.04 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Canneverbe Limited [2010.10.28 23:19:27 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Charles [2011.07.15 23:06:29 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.10.08 15:54:11 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\DarkParablesBriarRose_BFG [2010.08.11 21:40:23 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.08 21:41:15 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\ERS G-Studio [2011.11.13 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Europa [2010.09.22 
13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\FreeFLVConverter [2010.01.31 23:29:15 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\GetRightToGo [2010.04.22 11:59:03 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\GrabPro [2011.07.06 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\gtk-2.0 [2012.08.26 21:44:38 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\ICQ [2009.12.01 22:57:46 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\IrfanView [2011.07.22 20:56:32 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\MAGIX [2009.12.01 23:29:58 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\OpenOffice.org [2010.05.03 16:48:04 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Orbit [2010.06.13 00:14:54 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Pegasys Inc [2010.06.12 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\SharePod [2011.08.26 13:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Telefónica [2012.03.04 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Thunderbird [2009.12.01 23:00:34 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\TuneUp Software [2012.03.04 12:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Vso [2012.03.05 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\Jassi\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:57B2B96C @Alternate Data Stream - 48 bytes -> C:\Windows:04841817F0C078E9 < End of report >

And here is the Extras.txt:

OTL Extras logfile created on: 03.01.2013 11:33:18 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Jassi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,15% Memory free 6,14 Gb Paging File | 4,84 Gb Available in Paging File | 78,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,22 Gb Total Space | 191,53 Gb Free Space | 66,45% Space Free | Partition Type: NTFS Computer Name: JASSI-PC | User Name: Jassi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2657909668-988653911-2728934829-1000\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15E3831E-17EB-471F-BF0A-DFEAFC067B37}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{1CDD28E8-CBF6-4176-91D2-E3136F2515D9}" = rport=2869 | protocol=6 | dir=out | app=system | "{1F7010B3-1A0C-4C53-8D0C-F95F72D5E506}" = lport=2869 | protocol=6 | dir=in | app=system | "{3ACC355A-C530-44EB-A192-79D13CBD7941}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{5A3FC31E-345E-4B19-9588-594C43A22F2A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{628D3DD3-F9B1-4E00-9E99-9F66CD60DF0D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7859E8BF-735D-43BA-B5EF-DD88788B2C25}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7DD933C8-5E4E-48B7-AD42-2CA032C1D666}" = lport=4000 | protocol=6 | dir=out | app=c:\users\jassi\saved games\downloads\dll-files fixer mit crack\dll-files fixer crack\dllfixer.exe | "{7E9726F9-4A0C-49F2-82F3-C4CBB6139E18}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{990B80E2-BB6F-476E-A4E2-4146AF47D58B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{99D9F41E-DFA3-44FA-A6D9-2677620DCD8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B98D838-922C-4552-A753-128F1DD18DDA}" = lport=2869 | protocol=6 | dir=in | 
name=windows live communications platform (upnp) | "{A0188F5C-E59B-4E79-B6AA-4E65231D2BF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B79019EA-1A00-4194-84A3-E24572367305}" = lport=4000 | protocol=6 | dir=out | app=c:\users\jassi\saved games\downloads\dll-files fixer mit crack\dll-files fixer crack\dllfixer.exe | "{BB4077D6-C1AC-4BCD-ADE1-895594995A7E}" = lport=4000 | protocol=6 | dir=out | app=c:\users\jassi\saved games\downloads\dll-files fixer mit crack\dll-files fixer crack\dllfixer.exe | "{BB46D0B8-5073-4EEF-B048-B59075EBC2A3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BC9E8DC1-7427-4567-9BA6-83199B6E1FA7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{C4830859-8900-405A-9A68-B0A71EA888DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C66B0369-6568-4B06-B434-72101E8FD397}" = lport=4000 | protocol=6 | dir=out | app=c:\users\jassi\saved games\downloads\dll-files fixer mit crack\dll-files fixer crack\dllfixer.exe | "{D2541B87-DF54-4125-9ACF-1492BCCF5241}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{E50B87E2-8F8C-46D8-86A6-EDEAA669BA64}" = lport=4000 | protocol=6 | dir=out | app=c:\users\jassi\saved games\downloads\dll-files fixer mit crack\dll-files fixer crack\dllfixer.exe | "{EAFBDD10-54F1-45CE-8C37-6B6C4966401A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | "{F35CF264-7B1C-40CF-BFE1-11982A41A989}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{069AC864-5FA6-49D7-B43A-6FA8EBC157CE}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{07C38799-5C3A-4F89-BE54-0AF83A4C0509}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0F91BD81-CC21-4D53-AE3F-C0133C255F63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{14785A3A-DDAD-402B-9043-8DFC24FC9839}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{16A725C7-F80B-4511-ABB4-37C9D3B90D10}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{1829D6F2-D717-4D9C-9C90-195961243D49}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{201365FF-54FF-4F6B-BCE2-4DACCD69A5E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{2394F39D-513D-4F4E-A87B-EED53C356C20}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2D0364A1-AE83-46C0-A1B3-0465BDC93AB0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2FC886A5-D3FB-439D-8637-7B3A6FA4EC9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{310F4F49-E0E0-4480-B98B-550868909687}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{37D94A5F-4EA5-43CB-9B20-7E8C5D7F3D92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{49854C57-3CA3-4EED-ACB6-EDAE8A57DFDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4CC78EBA-67D3-4BA2-BEFC-46388BFCBAEB}" = dir=in | app=c:\program files\itunes\itunes.exe | "{52284EEB-498C-4AC1-89E3-B7630B12D146}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{535BF9E4-0154-482B-8726-0E5843DAFD8A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{565A7B17-EC72-4250-B20B-75430DC56831}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{57370CE2-E7E2-40AA-A5DE-9F7627E738FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{5F50168F-3174-41E7-95F8-59BD17903C6B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
#2
/// Malwareteam

The GVU Trojan got me too

Quote:

Merely visiting sites that offer these files for download already carries a high risk of infection. When you run the crack, you are running an executable file from a very dubious source. The file's code can contain anything at all (e.g. downloading and running malware files). This is one of the main causes of infections. Besides, cracks, keygens, etc. are illegal, and that is just as much theft as in a shop. That is why we have agreed on this: if we find evidence of illegally obtained software, we end the support without any discussion. Therefore our help for you is limited to a guide to reinstalling and securing the system.
#3
The GVU Trojan got me too

I don't even use that program?

But good to know; my friend used the laptop together with me before he gave it to me. Of course I will delete the stuff right away!!! But I don't know how to get rid of it. As you have surely noticed already, I'm not much of a pro at these things.. I just checked, and the only thing from Adobe I have on the laptop is the Reader. Should I delete that?

Last edited by JJ300710 (03.01.2013 at 12:35)