|
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner erkannt und z. T. gelöschtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.01.2013, 00:04 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöscht adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.01.2013, 01:06 | #17 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus,
__________________zunächst habe ich -alle offenen Programme und Browser geschlossen um dann -die adwcleaner.exe mit einem Doppelklick zu starten. -Anschließend habe ich den "Löschen"-Knopf betätigt und die folgenden Fragen mit "OK" beantwortet. -Der Rechner wurde neu gestartet und es öffnete sich eine Textdatei, deren Inhalt ich nun poste (anbei). Danach die Kontrolle mit OTL -Doppelklick auf die OTL.exe und mittig den Haken bei scanne alle Benutzer setzen. -Minimalen Output und Use SafeList wählen. -Auf Run Scan links oben klicken. -Wenn der Scan beendet ist, sind die beiden Logfiles, die erstellt wurden in CODE-Tags in den Thread zu posten. (Anbei) Vielen Dank für Hilfen, Hinweise und Vorgehensweisen. wolfk Code:
ATTFilter # AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Wolfgang - LAPTOP-PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess Ordner Gelöscht : C:\Programme\Ask.com Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\Software\Description Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com ************************* AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17] AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37] AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37] ########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ########## Code:
ATTFilter OTL logfile created on: 11.01.2013 00:41:23 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free 3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet [2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2 [2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2 [2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free 3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4. Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2013-01-10 19:35:36+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP. Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 2 2013-01-10 19:37:55+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE. Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren. Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000 Description = Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren. Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000 Description = Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2013-01-11 00:50:26+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe. Infection: Trojan.Generic.8544936 Action: The file was quarantined. [ System Events ] Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
11.01.2013, 01:08 | #18 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus,
__________________zunächst habe ich -alle offenen Programme und Browser geschlossen um dann -die adwcleaner.exe mit einem Doppelklick zu starten. -Anschließend habe ich den "Löschen"-Knopf betätigt und die folgenden Fragen mit "OK" beantwortet. -Der Rechner wurde neu gestartet und es öffnete sich eine Textdatei, deren Inhalt ich nun poste (anbei). Danach die Kontrolle mit OTL -Doppelklick auf die OTL.exe und mittig den Haken bei scanne alle Benutzer setzen. -Minimalen Output und Use SafeList wählen. -Auf Run Scan links oben klicken. -Wenn der Scan beendet ist, sind die beiden Logfiles, die erstellt wurden in CODE-Tags in den Thread zu posten. (Anbei) Unter Heute 00.50 meldet mein Antivirenprogramm "Trojan.Generic.8544936" entfernt. Vielen Dank für Hilfen, Hinweise und Vorgehensweisen. wolfk Code:
ATTFilter # AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Wolfgang - LAPTOP-PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess Ordner Gelöscht : C:\Programme\Ask.com Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\Software\Description Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com ************************* AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17] AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37] AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37] ########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ########## Code:
ATTFilter OTL logfile created on: 11.01.2013 00:41:23 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free 3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet [2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2 [2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2 [2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free 3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4. Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2013-01-10 19:35:36+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP. Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 2 2013-01-10 19:37:55+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE. Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren. Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000 Description = Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706 Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren. Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023 Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten. Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000 Description = Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103 Description = 1 2013-01-11 00:50:26+02:00 LAPTOP-PC LAPTOP-PC\Wolfgang F-Secure Anti-Virus Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe. Infection: Trojan.Generic.8544936 Action: The file was quarantined. [ System Events ] Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > Geändert von wolfk (11.01.2013 um 01:19 Uhr) |
15.01.2013, 15:23 | #19 |
| GVU-Trojaner erkannt und z. T. gelöscht Erinnerung an meinen Thread Hallo Cosinus, ich hoffe, die Freizeit war angenehm. Nun geht es sicher wie immer mit voller Kraft weiter. Gruß Wolfk |
15.01.2013, 16:44 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöscht Hm, da ist immer noch Toolbar-Müll drin Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
15.01.2013, 18:20 | #21 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, habe die alte adwcleaner gelöscht und die Datei noch einmal neu heruntergeladen und auf "Suche" geklickt. Anbei die entstandene Logdatei. Ich habe per Zufall eine Removal.log-Editor-Datei meines Virenwächters gefunden. Sie wird ebenfalls gepostet. Vielen Dank für Deine Bemühungen und einen guten Start in die Woche. Wolfk Code:
ATTFilter # AdwCleaner v2.105 - Datei am 15/01/2013 um 17:22:16 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Wolfgang - LAPTOP-PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\Software\Description ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17] AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37] AdwCleaner[R3].txt - [759 octets] - [15/01/2013 17:22:16] AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37] ########## EOF - C:\AdwCleaner[R3].txt - [878 octets] ########## Code:
ATTFilter 23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A BEGIN ; ;Log created by USS version 5.1.18250 ; 23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" quarantined success 23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" deleted success reboot 23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A END 23.12.2012 16:08:52 Trojan.Generic.KD BEGIN ; ;Log created by USS version 5.1.18250 ; 23.12.2012 16:08:53 Trojan.Generic.KD process "3172|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success 23.12.2012 16:08:53 Trojan.Generic.KD process "3908|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success 23.12.2012 16:08:54 Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" quarantined success 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" quarantined success 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" quarantined success 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" quarantined success 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 23.12.2012 16:08:54 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" deleted success 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" deleted success 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" deleted success 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 23.12.2012 16:08:55 Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 23.12.2012 16:08:55 Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" deleted success reboot 23.12.2012 16:08:55 Trojan.Generic.KD END 23.12.2012 16:08:55 Trojan.Generic.KD.815879 BEGIN ; ;Log created by USS version 5.1.18250 ; 23.12.2012 16:08:55 Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" quarantined success 23.12.2012 16:08:55 Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" deleted failed reboot 23.12.2012 16:08:55 Trojan.Generic.KD.815879 END 03.01.2013 01:17:55 Trojan.Generic.KD.815879 BEGIN ; ;Log created by USS version 5.1.18250 ; 03.01.2013 01:17:55 Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" quarantined success 03.01.2013 01:17:55 Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" deleted success 03.01.2013 01:17:55 Trojan.Generic.KD.815879 END 11.01.2013 00:50:26 Trojan.Generic.8544936 BEGIN ; ;Log created by USS version 5.1.18250 ; 11.01.2013 00:50:26 Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" quarantined success 11.01.2013 00:50:26 Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" deleted success 11.01.2013 00:50:26 Trojan.Generic.8544936 END 11.01.2013 04:39:14 Trojan.Generic.8544936 BEGIN ; ;Log created by USS version 5.1.18250 ; 11.01.2013 04:39:14 Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" quarantined success 11.01.2013 04:39:14 Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" deleted success 11.01.2013 04:39:14 Trojan.Generic.8544936 END 12.01.2013 17:14:56 Trojan.Script.480412 BEGIN ; ;Log created by USS version 5.1.18250 ; 12.01.2013 17:15:24 Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" quarantined success 12.01.2013 17:15:24 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 12.01.2013 17:15:24 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed 12.01.2013 17:15:25 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" quarantined success 12.01.2013 17:15:25 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed 12.01.2013 17:15:25 Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" quarantined success 12.01.2013 17:15:26 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" restored success 12.01.2013 17:15:26 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed 12.01.2013 17:15:26 Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" restored success 12.01.2013 17:15:26 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 12.01.2013 17:15:26 Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed 12.01.2013 17:15:26 Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" deleted success 12.01.2013 17:15:26 Trojan.Script.480412 END |
16.01.2013, 12:18 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöscht adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.01.2013, 13:47 | #23 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, zuerst habe ich alle offenen Programme und Browser geschlossen und dann mit einem Doppelklick die adwcleaner.exe gestartet. Nach einem Klick auf "Löschen" und Bestätigung jeweils mit "OK" startete der Rechner neu und es öffnete sich die beigefügte Textdatei. Danach war eine Kontrolle mit OTL durchzuführen mittels Doppelklick auf die OTL.exe. Vorab war ein Haken bei "Scanne alle Benutzer" zu setzen, minimaler Output und unter Extra Registry "Use Safelist" zu wählen. Der Scan wurde durch Klick auf Run gestartet. Die nach Beendigung des Scans erstellten 2 Logfiles sind in CODE-Tags in den Thread zu posten. Vielen Dank für Deine Bemühungen wolfk Logdatei AdwCleaner[Sx].txt Code:
ATTFilter # AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Wolfgang - LAPTOP-PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\Software\Description ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17] AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37] AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16] AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37] AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39] ########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ########## Code:
ATTFilter OTL logfile created on: 16.01.2013 13:31:37 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free 3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free 3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. [ System Events ] Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
16.01.2013, 13:51 | #24 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, zuerst habe ich alle offenen Programme und Browser geschlossen und dann mit einem Doppelklick die adwcleaner.exe gestartet. Nach einem Klick auf "Löschen" und Bestätigung jeweils mit "OK" startete der Rechner neu und es öffnete sich die beigefügte Textdatei. Danach war eine Kontrolle mit OTL durchzuführen mittels Doppelklick auf die OTL.exe. Vorab war ein Haken bei "Scanne alle Benutzer" zu setzen, minimaler Output und unter Extra Registry "Use Safelist" zu wählen. Der Scan wurde durch Klick auf Run gestartet. Die nach Beendigung des Scans erstellten 2 Logfiles sind in CODE-Tags in den Thread zu posten. Vielen Dank für Deine Bemühungen wolfk Logdatei AdwCleaner[Sx].txt Code:
ATTFilter # AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Wolfgang - LAPTOP-PC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\Software\Description ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17] AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37] AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16] AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37] AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39] ########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ########## Code:
ATTFilter OTL logfile created on: 16.01.2013 13:31:37 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free 3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free 3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. [ System Events ] Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
16.01.2013, 15:52 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöschtFixen mit OTL
Code:
ATTFilter :OTL MOD - C:\Programme\vShare\vshare_toolbar.dll () MOD - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () SRV - (Winmgmt) -- C:\Users\User\wgsdgsdgdsgsd.exe File not found SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms} IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com.anonymize-me.de/?anonymto=687474703A2F2F7673686172652E746F6F6C626172686F6D652E636F6D2F7365617263682E617370783F713D7B7365617263685465726D737D26737263683D647370&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D6965622673797374656D69643D34303626713D7B7365617263685465726D737D&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0 FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01 [2012.05.03 19:12:04 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com [2012.02.15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C64BF02A :Files C:\ProgramData\dsgsdgdsgdsgw.pad C:\Programme\Windows iLivid Toolbar C:\ProgramData\dsgsdgdsgdsgw.js :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
16.01.2013, 17:37 | #26 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, habe die OTL.exe gestartet und den Inhalt aus der Codebox in OTL in die Benutzerdefinierte Scans/Fixes Textbox kopiert. Benutzernamen waren nicht zu ändern. Der Fix Button wurde angeklickt, nach dem alle Programme und Fenster geschlossen waren. Nach erfolgtem Neustart befand sich das folgende Log auf dem Desktop (anbei). Vielen Dank für Deine enorm umfangreiche Arbeit. wolfk Code:
ATTFilter All processes killed ========== OTL ========== Error: Unable to stop service Winmgmt! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt deleted successfully. File C:\Users\User\wgsdgsdgdsgsd.exe File not found not found. Error: No service named SDWSCService was found to stop! Service\Driver key SDWSCService not found. File C:\Program Files\Spybot File not found not found. Error: No service named SDUpdateService was found to stop! Service\Driver key SDUpdateService not found. File C:\Program Files\Spybot File not found not found. Error: No service named SDScannerService was found to stop! Service\Driver key SDScannerService not found. File C:\Program Files\Spybot File not found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C241842D-C18B-4927-962C-6E030D14110B}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found. Prefs.js: software%40loadtubes.com:1.01 removed from extensions.enabledAddons Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com\ not found. File C:\Program Files\mozilla firefox\plugins\npmieze.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found. File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. File C:\Programme\vShare\vshare_toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found. File C:\Programme\vShare.tv plugin\BarLcher.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found. File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. File C:\Programme\vShare\vshare_toolbar.dll not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. File C:\Programme\vShare\vshare_toolbar.dll not found. Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found. File C:\Programme\vShare.tv plugin\BarLcher.dll not found. File C:\Programme\vShare\vshare_toolbar.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ not found. File C:\Programme\vShare\vshare_toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found. File C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found. File C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ not found. Unable to delete ADS C:\ProgramData\TEMP:C64BF02A . ========== FILES ========== File\Folder C:\ProgramData\dsgsdgdsgdsgw.pad not found. File\Folder C:\Programme\Windows iLivid Toolbar not found. File\Folder C:\ProgramData\dsgsdgdsgdsgw.js not found. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 302 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56806 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 492 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Petra ->Temp folder emptied: 1569483009 bytes ->Temporary Internet Files folder emptied: 851111 bytes ->FireFox cache emptied: 447710438 bytes ->Flash cache emptied: 3624 bytes User: Wolfgang ->Temp folder emptied: 5181326 bytes ->Temporary Internet Files folder emptied: 909314 bytes ->FireFox cache emptied: 140551316 bytes ->Flash cache emptied: 188341 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3914951 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.068,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 01162013_172201 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
17.01.2013, 09:33 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöscht Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2013, 14:00 | #28 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, hier nun die Kontrolle mit OTL: Gestartet wurde mit Doppelklick auf die OTL.exe., vorab war mittig der Haken bei "Scanne alle Benutzer" zu setzen. Ferner war minimaler Output und unter "Extra Registry" "Use SafeList" zu wählen. Das Programm startete, in dem links oben auf "Run Scan" geklickt wurde. Die nach Programmbeendigung erstellten 2 Logfiles sind in CODE-TAGS in den Thread zu posten (anbei). Vielen Dank für Deine Bemühungen. wolfk Code:
ATTFilter OTL logfile created on: 17.01.2013 13:49:18 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free 3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet ========== Files - Modified Within 30 Days ========== [2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk ========== Files Created - No Company Name ========== [2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free 3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597) Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
17.01.2013, 14:02 | #29 |
| GVU-Trojaner erkannt und z. T. gelöscht Hallo Cosinus, hier nun die Kontrolle mit OTL: Gestartet wurde mit Doppelklick auf die OTL.exe., vorab war mittig der Haken bei "Scanne alle Benutzer" zu setzen. Ferner war minimaler Output und unter "Extra Registry" "Use SafeList" zu wählen. Das Programm startete, in dem links oben auf "Run Scan" geklickt wurde. Die nach Programmbeendigung erstellten 2 Logfiles sind in CODE-TAGS in den Thread zu posten (anbei). Vielen Dank für Deine Bemühungen. wolfk Code:
ATTFilter OTL logfile created on: 17.01.2013 13:49:18 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free 3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.) ========== Modules (No Company Name) ========== MOD - G:\Programme\mozilla firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe () MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd () MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd () MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd () MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd () MOD - C:\Programme\Box Sync\_ssl.pyd () MOD - C:\Programme\Box Sync\unicodedata.pyd () MOD - C:\Programme\Box Sync\sqlite3.dll () MOD - C:\Programme\Box Sync\_hashlib.pyd () MOD - C:\Programme\Box Sync\pyexpat.pyd () MOD - C:\Programme\Box Sync\win32file.pyd () MOD - C:\Programme\Box Sync\pywintypes27.dll () MOD - C:\Programme\Box Sync\win32security.pyd () MOD - C:\Programme\Box Sync\win32api.pyd () MOD - C:\Programme\Box Sync\_elementtree.pyd () MOD - C:\Programme\Box Sync\_ctypes.pyd () MOD - C:\Programme\Box Sync\_sqlite3.pyd () MOD - C:\Programme\Box Sync\_socket.pyd () MOD - C:\Programme\Box Sync\_testcapi.pyd () MOD - C:\Programme\Box Sync\_win32sysloader.pyd () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd () MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd () MOD - C:\Programme\ubuntuone\dist\sip.pyd () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - G:\hardcopy\HcDllS.dll () MOD - C:\Programme\ubuntuone\dist\_ssl.pyd () MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd () MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd () MOD - C:\Programme\ubuntuone\dist\select.pyd () MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd () MOD - C:\Programme\ubuntuone\dist\_socket.pyd () MOD - G:\hardcopy\HcDLL2_36_Win32.dll () MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd () MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll () MOD - C:\Programme\ubuntuone\dist\win32gui.pyd () MOD - C:\Programme\ubuntuone\dist\win32api.pyd () MOD - C:\Programme\ubuntuone\dist\win32trace.pyd () MOD - C:\Programme\ubuntuone\dist\win32security.pyd () MOD - C:\Programme\ubuntuone\dist\win32process.pyd () MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd () MOD - C:\Programme\ubuntuone\dist\win32event.pyd () MOD - C:\Programme\ubuntuone\dist\win32file.pyd () MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll () MOD - G:\hardcopy\hardcopy_04.dll () MOD - G:\Programme\Notepad++\plugins\NppFTP.dll () MOD - G:\Programme\Notepad++\plugins\NppExport.dll () MOD - C:\WINDOWS\system32\sbe.dll () MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll () MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng () MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll () MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll () MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng () MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\system32\TosCommAPI.dll () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe () SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe () SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys () DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys () DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys () DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys () DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/ IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins [2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions [2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml [2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.) O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe () O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet) O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011 [2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera [2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung [2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure [2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather [2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100 [2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One [2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol [2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone [2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One [2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone [2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync [2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache [2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage [2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital [2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link [2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer [2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver [2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1 [2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky [2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet ========== Files - Modified Within 30 Days ========== [2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini [2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe [2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe [2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm [2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk ========== Files Created - No Company Name ========== [2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe [2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip [2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat [2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url [2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable [2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe [2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm [2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk [2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk [2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk [2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk [2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk [2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk [2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk [2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini [2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat [2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf [2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI [2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat [2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat [2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm [2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free 3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32 Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo) "C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- () "C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7 "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exif-Viewer" = Exif-Viewer 2.51 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "F-Secure Product 444" = F-Secure Internet Security 2009 "GIMP-2_is1" = GIMP 2.8.0 "Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy) "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00 "MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4 "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01 "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "ShiftN_is1" = ShiftN 3.6.1 "Software Informer_is1" = Software Informer 1.1 "STRATO HiDrive" = STRATO HiDrive (remove only) "The GodFather" = The GodFather "Ubuntu One 4.0.0" = Ubuntu One "UnderCoverXP_is1" = UnderCoverXP 1.23 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TwonkyServer" = Twonky 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0. Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597) Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010 Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
17.01.2013, 16:09 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner erkannt und z. T. gelöschtFixen mit OTL
Code:
ATTFilter :OTL IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625 FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" FF - user.js - File not found [2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com [2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. :Files C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat C:\1.htm ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu GVU-Trojaner erkannt und z. T. gelöscht |
abgesicherten, andere, eset, exploit.drop.gsa, gelöscht, gesperrt, gleichzeitig, gvu trojaner entfernen windows xp, gvu-trojaner mit webcam und ip-adresse, kurze, modul, nachricht, problem, programme, pup.wirelessnetworktool, sache, scanner, trojan.fakems, trojan.ransom.sugen, virenscan, virenscanner, wahrscheinlich, wgsdgsdgdsgsd.exe |