| |
| |||||||
Log-Analyse und Auswertung: Virenscanner deaktiviert, System ungeschütztWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.02.2013, 19:10
| #1 |
 |  Virenscanner deaktiviert, System ungeschützt Hallo! Ich habe ein Problem mit meinem Virenscanner und bin nach einer Google-Suchanfrage zu diesem Board gekommen. Es geht um folgendes: Als ich heute morgen ins Internet ging, schlief der Bildschirm bei den Startseiten für mehrere Minuten ein. Danach funktionierte alles normal. Ein Windows-Update wurde gemacht und ich glaube auch ein Firefox-Update. Heute Nachmittag zeigte mir mein PC dann nach dem Start an, dass Avast-Free deaktiviert sei. Das Problem ließ sich nicht durch eine Reparatur beheben. Normalerweise hätte ich Avast einfach deinstalliert und dann wieder neu aufgespielt, aber ich hatte das Problem früher schon häufiger, auch als ich noch Avira benutzt habe. Das kam mir mittlerweile seltsam vor und deshalb habe ich Malwarebytes ohne Befund laufen lassen, die Log-Datei hänge ich an. Möglicherweise hatte ich in der Vergangenheit (ich nutze den Rechner seit 5 Jahren) einen Trojaner, diesen aber nicht richtig, sprich nur mit Avira, entfernt. Daran kann ich mich jedoch leider nicht recht erinnern. Ich würde jetzt gerne zu meiner Beruhigung wissen, ob der Rechner sauber ist oder nicht und bitte deshalb Euch Experten um Hilfe. Sollte ich überreagiert haben, bitte ich dafür um Entschuldigung. Hier nun die Logs: 1. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.06.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: BOSS [Administrator] 06.02.2013 15:35:16 mbam-log-2013-02-06 (15-35-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 388209 Laufzeit: 1 Stunde(n), 45 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 06.02.2013 17:38:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,90% Memory free 4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,46 Gb Total Space | 32,01 Gb Free Space | 14,20% Space Free | Partition Type: NTFS Drive H: | 24,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BOSS | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.06 17:33:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.11.05 08:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.08.24 11:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008.02.15 10:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2008.02.15 10:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008.02.15 10:56:50 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2008.01.18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.11.22 11:13:56 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Programme\Sony\Marketing Tools\MarketingTools.exe PRC - [2007.10.31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.10.23 15:19:06 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.23 15:18:46 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.09.19 11:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe PRC - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.08.14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 01:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2007.06.10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 10:45:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll MOD - [2013.01.11 10:40:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.11 10:40:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.11 10:39:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.11 10:38:56 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.11 10:36:31 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.11 10:35:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.02.06 11:18:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 20:51:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.07.26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2009.08.23 21:41:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.03.17 10:06:04 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.03.03 13:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.02.15 10:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2008.02.15 10:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.02.15 10:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.02.15 10:56:50 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.23 21:40:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.16 01:20:10 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.10.25 01:03:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.09.26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.15 01:28:09 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.04.19 10:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.04.03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) DRV - [2007.04.03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 12:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) DRV - [2007.04.03 12:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) DRV - [2007.04.03 12:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 12:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\SearchScopes,DefaultScope = {1B0442D8-BED4-4AD6-AB72-DCA5038A195C} IE - HKLM\..\SearchScopes\{1B0442D8-BED4-4AD6-AB72-DCA5038A195C}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {1B0442D8-BED4-4AD6-AB72-DCA5038A195C} IE - HKCU\..\SearchScopes\{1B0442D8-BED4-4AD6-AB72-DCA5038A195C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_de IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=BVbuKmt6eQAzy9FfwYd3dGHTNGY?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Good Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/|hxxp://www.bild.de/|hxxp://www.faz.net/|hxxp://www.kicker.de/|hxxp://www.nfl.com/|hxxp://www.spox.com/de/index.html|hxxp://www.perlentaucher.de/" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: plugin%40apture.com:2.0.0 FF - prefs.js..extensions.enabledAddons: silvermelxt%40pardal.de:1.5.4 FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.1.7 FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2 FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6 FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1 FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6 FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4 FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1 FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.6 FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123 FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.6 FF - prefs.js..keyword.URL: "hxxp://www.goodsearch.com/search.aspx?keywords=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.24 15:22:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.07 15:48:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla\components [2013.02.06 11:18:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2013.02.06 11:18:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 11:56:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.20 12:41:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla\components [2013.02.06 11:18:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2013.02.06 11:18:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 11:56:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.20 12:41:43 | 000,000,000 | ---D | M] [2010.01.01 13:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.01 13:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009.12.28 23:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2013.02.02 11:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions [2009.07.01 14:22:33 | 000,000,000 | ---D | M] (Basics) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{00BDD586-51FB-4b06-9C23-AF2FB7609BF3} [2009.11.04 11:40:07 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626} [2013.01.06 16:52:42 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.01.09 17:15:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.01.01 01:29:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.04.27 19:33:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008.06.21 19:32:42 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66} [2010.03.28 22:09:00 | 000,000,000 | ---D | M] (History Submenus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b} [2008.08.20 16:39:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(47) [2013.01.31 16:17:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.03.23 19:10:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\engine@conduit.com [2013.01.09 17:16:18 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\firefox@ghostery.com [2011.03.14 08:55:06 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\personas@christopher.beard [2009.07.16 00:43:43 | 000,000,000 | ---D | M] (TimeTracker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p6vdma5u.default\extensions\timetrack@usablehack.com [2011.07.06 10:41:09 | 000,009,339 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\plugin@apture.com.xpi [2013.01.01 16:40:34 | 000,281,602 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\sharemenot@franziroesner.com.xpi [2012.10.03 21:56:34 | 003,352,320 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\silvermel@pardal.de.xpi [2012.10.04 00:44:51 | 000,055,163 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\silvermelxt@pardal.de.xpi [2012.07.24 21:52:58 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\tabscope@xuldev.org.xpi [2011.12.24 15:32:09 | 000,977,421 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi [2011.07.18 13:54:53 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2013.01.31 16:17:27 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.10.03 21:56:30 | 003,420,076 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi [2013.02.02 11:09:55 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.21 17:07:02 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011.10.29 15:35:09 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011.11.17 10:53:23 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi [2013.01.16 20:20:12 | 000,118,969 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2008.06.21 19:32:40 | 000,890,412 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\p6vdma5u.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}\chrome\tmp.xpi [2012.11.07 15:48:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011.12.24 15:22:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 ========== Chrome ========== O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17DC868A-C502-41EA-86C5-E329A33F206F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.04.23 22:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.06.02 03:35:30 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1dd46c20-01e0-11de-8c71-001de08e12b5}\Shell - "" = AutoRun O33 - MountPoints2\{1dd46c20-01e0-11de-8c71-001de08e12b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8825d7b7-0120-11de-9c2e-028037120300}\Shell - "" = AutoRun O33 - MountPoints2\{8825d7b7-0120-11de-9c2e-028037120300}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8825d7d7-0120-11de-9c2e-028037120300}\Shell - "" = AutoRun O33 - MountPoints2\{8825d7d7-0120-11de-9c2e-028037120300}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.23 22:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{b9519534-08e2-11de-bb85-001de08e12b5}\Shell - "" = AutoRun O33 - MountPoints2\{b9519534-08e2-11de-bb85-001de08e12b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c8a8b8ea-6235-11dd-ace2-001a80b52f69}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -run O33 - MountPoints2\{c8a8b8ea-6235-11dd-ace2-001a80b52f69}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -run O33 - MountPoints2\{c8a8b8ea-6235-11dd-ace2-001a80b52f69}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -run O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.23 22:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.06 17:33:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.06 11:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla [2013.01.21 12:44:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Korea (M134) [2013.01.21 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\China (M92) [2013.01.21 10:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.21 10:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.21 10:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.21 10:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.11 11:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.06 17:37:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.02.06 17:34:05 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe [2013.02.06 17:33:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.06 17:33:29 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.02.06 17:32:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.06 17:24:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 17:24:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 17:12:31 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.06 15:24:35 | 000,057,133 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2013.02.06 15:24:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.06 15:24:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.06 15:23:57 | 2143,768,576 | -HS- | M] () -- C:\hiberfil.sys [2013.02.02 18:07:55 | 000,686,500 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.02 18:07:55 | 000,643,492 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.02 18:07:55 | 000,122,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.02 18:07:53 | 000,150,574 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.21 10:47:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.20 12:50:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.01.20 12:32:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.11 10:31:47 | 000,417,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [15 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.06 17:37:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.02.06 17:34:04 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe [2013.02.06 17:33:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.21 10:47:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.15 18:31:15 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.05.12 15:16:28 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.05.12 15:16:28 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.05.12 15:16:28 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.05.12 15:16:28 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.05.12 15:16:28 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.05.12 15:16:28 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.05.12 15:16:28 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.05.12 15:16:28 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.05.12 15:16:28 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.05.12 15:16:28 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.05.12 15:16:28 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.05.12 15:16:28 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.05.12 15:16:28 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.05.12 15:16:28 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.05.12 15:16:28 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.05.12 15:16:28 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.05.12 15:16:28 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.05.12 15:16:28 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.05.12 15:16:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.09.22 14:56:51 | 000,110,292 | ---- | C] () -- C:\ProgramData\dudenbib.wav [2010.01.18 23:50:29 | 000,000,108 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls [2008.09.27 22:19:09 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd [2008.05.10 10:32:42 | 000,189,952 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.10 10:29:21 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.05.10 10:29:08 | 000,057,133 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.05.10 10:29:08 | 000,057,133 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.03.25 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich [2010.01.30 16:12:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.08.03 22:47:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2010.10.01 09:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Duden [2010.08.09 15:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2009.12.29 14:49:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2011.07.02 15:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2009.12.14 10:05:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2009.12.05 19:53:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH [2008.07.15 16:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RhinoSoft.com [2012.10.18 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.09.01 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.05.12 17:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2012.06.27 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2010.01.01 13:20:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:52DBE86F < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.02.2013 17:38:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,90% Memory free
4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,46 Gb Total Space | 32,01 Gb Free Space | 14,20% Space Free | Partition Type: NTFS
Drive H: | 24,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BOSS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035459F4-D587-4889-B084-E01EC6269CBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4FC5CA85-A90C-4654-959D-8B4DD2D856FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{662015AE-650E-4092-864A-195B2CE385BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{6FE0F9A1-F18C-4C8C-A176-3D1FB11A479B}" = lport=138 | protocol=17 | dir=in | app=system |
"{799B81BA-96B0-4181-94A6-FB5ECF1D3BA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{905021DA-7600-4EF7-A072-F48A8513F66F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B081FA61-2058-4ACA-AFB5-7D8A27584B3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5878511-93DB-46BB-8FBE-ABD164908715}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C28F1B4A-B613-47B8-874E-B4BAFD0AF367}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB2A7CE1-106C-4B7E-926E-F1F91A30BB3B}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6FD85C4-2931-41E5-BFEE-F4F8BFDE1A5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{F661F20A-1E37-42AD-9BEC-46881BB46467}" = rport=138 | protocol=17 | dir=out | app=system |
"{FD587E6B-5337-4A3A-B435-A4D3987F77C4}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A82F490-EB9F-4525-A2E6-F8A64923CD6A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{25FB12F0-ABF7-46C9-BD7D-85FB59A8112B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{27E63398-625D-401A-882B-5852B3E01664}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{331BC3B4-E524-4148-B941-E6AA5F6E7000}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{33662B88-21CF-496B-80D1-66236F17065E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{463331EB-0294-4828-9BEA-E5D51DA915C4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5436CF2C-0D34-4E1B-9C6D-2E55CD0721C0}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{845DCC2A-720D-4F48-83FC-9DB6B2160731}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89E0255A-030B-48F2-A1BB-A2C1013E7935}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8AC07CD1-8EDD-4590-A2FC-112F447CA526}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5595E4E-B1CC-4FCE-9636-3AA55EA268E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A6B20E57-3506-4E46-A9FE-C1B91B99FD4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B22B33B3-497F-4CD1-BD91-165450BBC1A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB59A6E1-439D-4DA2-8FD3-2A656589C5A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C175C489-9248-41F8-8A6F-1E87759D447F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C7B0748A-AFEA-42A2-AB58-56A7A41BE894}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C99E7C45-D86F-4309-99CC-87ADEECAC01B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E8547461-7311-4D77-9419-C14EB1E7C67A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FCDF4811-0081-42AB-8923-068D245DAD9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{BCA86AE1-B09E-456C-AE28-436321D02051}C:\program files\mozilla\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla\plugin-container.exe |
"UDP Query User{A069FF96-D606-4567-89EF-545D416A3FE7}C:\program files\mozilla\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB47E4E-AEA2-4DCD-BC4C-7191D4E1B3EF}" = VAIO Content Metadata XML Interface Library
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA0CF6F-2C23-4A29-9A3B-CF68207755B4}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Duden-Bibliothek
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6E554A6F-7BA1-4FCE-ABFA-430A24631111}" = Duden Korrektor Patch 022010
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115364873}" = Governor of Poker
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}" = VAIO Content Metadata XML Interface Library
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC85B598-5643-4FD0-9AD9-B7B551D2F435}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3AAAEA9-9A0C-4568-8E9D-073497291031}" = Nero 8
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast" = avast! Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dt icon module" =
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = Vaio Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"o2DE" = Mobile Connection Manager
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TradersLittleHelper_is1" = Trader's Little Helper 2.6.0
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.01.2013 10:28:38 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 29.01.2013 11:56:09 | Computer Name = Boss | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CdCoverCreator.exe, Version 2.5.2.0, Zeitstempel
0x4b7c3f4e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000100, Prozess-ID 0xc18, Anwendungsstartzeit
01cdfe38e2c27946.
Error - 29.01.2013 12:24:27 | Computer Name = Boss | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CdCoverCreator.exe, Version 2.5.2.0, Zeitstempel
0x4b7c3f4e, fehlerhaftes Modul CdCoverCreator.exe, Version 2.5.2.0, Zeitstempel
0x4b7c3f4e, Ausnahmecode 0xc0000005, Fehleroffset 0x0001d798, Prozess-ID 0x7dc,
Anwendungsstartzeit 01cdfe3be78dadc6.
Error - 31.01.2013 10:31:19 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 02.02.2013 05:58:17 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 02.02.2013 11:56:57 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 02.02.2013 13:15:11 | Computer Name = Boss | Source = ESENT | ID = 486
Description = Windows (3268) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00F0D.log"
nach "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu
verschieben, ist mit Systemfehler 2 (0x00000002): "Das System kann die angegebene
Datei nicht finden. " fehlgeschlagen. Fehler -1811 (0xfffff8ed) beim Verschieben
von Dateien.
Error - 06.02.2013 05:57:46 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 06.02.2013 10:16:42 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 06.02.2013 10:24:25 | Computer Name = Boss | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
[ OSession Events ]
Error - 04.08.2008 13:16:42 | Computer Name = Boss | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.08.2010 03:41:20 | Computer Name = Boss | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.02.2011 19:50:07 | Computer Name = Boss | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.09.2012 13:53:41 | Computer Name = Boss | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 27.01.2013 18:49:48 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 28.01.2013 16:39:56 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2013 06:29:20 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2013 10:29:32 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 31.01.2013 10:32:24 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 02.02.2013 05:59:08 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 02.02.2013 11:57:49 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 06.02.2013 05:58:34 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 06.02.2013 10:17:54 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
Error - 06.02.2013 10:25:35 | Computer Name = Boss | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-06 18:37:00
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\MARTIN~1\AppData\Local\Temp\pxldqpoc.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x900DF4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90950C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x900DFED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x900EAFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x900EAFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x900EB176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x900EAF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90950FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x900EAF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x900E011C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x900EB130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x900E093E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x900DF508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90950CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9094F3EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x900DF556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x900E4534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x900E13A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x900EAFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x900EB016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x900EB19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x900EAF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x900EB0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x900EAF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x900EB154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90950E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x900E1272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x900E0DD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x900DF5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x900DF5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x900E07BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x900DF1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x900DF3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x900DF350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x900E0AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x900E0C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x900DF41A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90950EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x900E0636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9094F41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x900DF640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90950D96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x900E02F4]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 82AC67D0 4 Bytes [BA, F4, 0D, 90]
.text ntkrnlpa.exe!KeSetEvent + 131 82AC67F4 4 Bytes [22, 0C, 95, 90]
.text ntkrnlpa.exe!KeSetEvent + 191 82AC6854 4 Bytes [D6, FE, 0D, 90]
.text ntkrnlpa.exe!KeSetEvent + 1D1 82AC6894 8 Bytes [A8, AF, 0E, 90, F4, AF, 0E, ...] {TEST AL, 0xaf; PUSH CS; NOP ; HLT ; SCASD ; PUSH CS; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1DE 82AC68A1 3 Bytes [B1, 0E, 90] {MOV CL, 0xe; NOP }
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C53EB8 4 Bytes CALL 900E1A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C57B2C 4 Bytes CALL 900E1AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CE00360, 0x35B0A2, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 9B670470 5 Bytes JMP 900E4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + FDC 9B680628 5 Bytes JMP 900E5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9B689689 5 Bytes JMP 900E5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9B68A475 5 Bytes JMP 900E5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C4B 9B692C1F 5 Bytes JMP 900E456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9B693B75 5 Bytes JMP 900E5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30EF 9B69F2A7 5 Bytes JMP 900E4EB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4561 9B6A0719 5 Bytes JMP 900E47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46B0 9B6A0868 5 Bytes JMP 900E516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C45 9B6A0DFD 5 Bytes JMP 900E5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 522D 9B6A13E5 5 Bytes JMP 900E4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A16 9B6BA295 5 Bytes JMP 900E4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A6A 9B6BA2E9 5 Bytes JMP 900E4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9B6E1378 5 Bytes JMP 900E594C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DC 9B6E3CD5 5 Bytes JMP 900E4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 9B6EA66E 5 Bytes JMP 900E4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B44 9B6F4B04 5 Bytes JMP 900E5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9B6F79FC 5 Bytes JMP 900E4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 9B701817 5 Bytes JMP 900E5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B990 9B711DBD 5 Bytes JMP 900E50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 9B715FAF 5 Bytes JMP 900E5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F70 9B71C65B 5 Bytes JMP 900E59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9B71FDCA 5 Bytes JMP 900E5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 9B7276E9 5 Bytes JMP 900E4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 9B745C8A 5 Bytes JMP 900E4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 9B74B532 5 Bytes JMP 900E48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9B74F06A 5 Bytes JMP 900E5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3765 9B767444 5 Bytes JMP 900E50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A15 9B76D58D 5 Bytes JMP 900E4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D28F 9B779E07 5 Bytes JMP 900E4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10D00 9B77D878 5 Bytes JMP 900E4AB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[284] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[304] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[440] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[604] KERNEL32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[608] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1748] kernel32.dll!SetUnhandledExceptionFilter 773AA8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Program Files\Sony\Network Utility\NSUService.exe[1772] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1876] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1904] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2060] kernel32.dll!GetBinaryTypeW + 70 773D2447 1 Byte [62]
.text ...
---- EOF - GMER 2.0 ----
Martin |
| Themen zu Virenscanner deaktiviert, System ungeschützt |
| 7-zip, antivirus, avira, avira searchfree toolbar, bho, bildschirm, bingbar, bonjour, converter, entfernen, error, flash player, frage, home, install.exe, intranet, log-datei, logfile, microsoft office 2003, mozilla, office 2007, ohne befund, picasa, plug-in, problem, realtek, registry, scan, security, senden, server, software, svchost.exe, system, trojaner, vista, win32k.sys |
Baum-Darstellung