
Pests of all kinds and how to combat them: GVU - Windows works, but am I clean?


 
24.02.2013, 01:19   #1
katpan
 



Hello,
I caught the GVU trojan this morning.
After a Flash update, a page opened in Internet Explorer: a police page with a "ransom demand" of 100€.
I then cut the internet connection and was rewarded with a white screen on which nothing worked anymore.
Restarting in safe mode did not work. There was no system restore point.
With another user (Guest) I was able, in safe mode, to remove files from the hard disk that had been changed around that time.
After that, the Administrator account started normally, Guest worked normally, only the user that caused it still got the white screen.
Downloaded Bitdefender and Antivir over the internet, scanned everything, and finally everything works again.

But am I rid of the virus?
I had the anti-malware software run a scan, and it found something more. But I could not copy that report, because it was gone after removing the infected files and the restart that followed :-( (Sorry, I'm no PC hero)
I have the other 3.

OTL.text
OTL Logfile:
Code:
OTL logfile created on: 24.02.2013 00:09:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jensar\Desktop\ForumHelp
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,48% Memory free
4,21 Gb Paging File | 3,15 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 0,86 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive I: | 1,91 Gb Total Space | 1,57 Gb Free Space | 81,97% Space Free | Partition Type: FAT
 
Computer Name: JENSAR-NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 22:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jensar\Desktop\ForumHelp\OTL.exe
PRC - [2013.02.23 21:34:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.23 21:34:09 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.23 21:34:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.23 21:34:05 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2011.10.25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011.10.25 13:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.01.18 22:33:28 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007.02.13 15:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.02.09 10:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.01.12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007.01.12 06:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006.11.02 00:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2001.01.05 11:41:24 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
PRC - [2001.01.05 11:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) -- C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.21 10:28:52 | 002,231,248 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2007.01.24 10:04:22 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.01.24 10:02:24 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.23 21:34:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.23 21:34:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.22 19:06:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.10.25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008.12.06 23:56:05 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.10.10 14:39:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.18 22:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 22:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.01.24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.01.24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007.01.10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.10 10:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007.01.08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2001.01.05 11:41:24 | 000,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE -- (InterBaseGuardian)
SRV - [2001.01.05 11:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe -- (InterBaseServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jensar\AppData\Local\Temp\musbehco.sys -- (musbehco)
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\kbdqtezq.sys -- (kbdqtezq)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.02.23 21:34:40 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.23 21:34:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.02.23 21:34:39 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.23 21:34:39 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.09.29 15:29:47 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.12.06 13:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.20 17:19:20 | 001,313,792 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2007.04.23 12:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.02.06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007.01.24 11:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.01.12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.01.10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.10.18 11:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {5CBCD265-7AE0-4E42-9AC6-82854476204F}
IE - HKLM\..\SearchScopes\{5CBCD265-7AE0-4E42-9AC6-82854476204F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.07 10:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 15:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.23 13:05:59 | 000,000,000 | ---D | M]
 
[2012.10.24 19:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall tomtom home.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013.02.23 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 22:56:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.23 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.23 21:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.23 21:45:45 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.23 21:45:45 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.23 21:45:45 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.23 21:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.23 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.23 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2013.02.23 19:38:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2013.02.23 19:37:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PerformerSoft
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2013.02.23 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2013.02.23 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2013.02.23 18:58:57 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.23 18:58:57 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony Corporation
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Seven Zip
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Skype Wallpapers
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Skype Pictures
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2013.02.21 17:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013.02.21 16:50:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.02.21 16:50:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.02.21 16:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.21 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.02.21 16:48:23 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2013.02.21 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.21 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013.02.21 16:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.21 16:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2013.02.21 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoPerformer
[2013.02.21 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout
[2013.02.20 16:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013.02.20 16:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013.02.20 16:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.24 00:13:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-441438614-1551882760-1506043834-1003UA.job
[2013.02.24 00:13:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
[2013.02.24 00:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 00:02:28 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.02.24 00:00:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 23:59:54 | 000,000,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 23:59:54 | 000,000,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 23:57:59 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.02.23 23:28:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 21:46:25 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.23 21:34:40 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.23 21:34:40 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.23 21:34:39 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.23 21:34:39 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.23 20:49:11 | 000,691,512 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.23 20:49:11 | 000,647,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.23 20:49:11 | 000,153,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.23 20:49:11 | 000,124,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.23 12:48:46 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.02.23 12:43:19 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.02.23 04:54:07 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jensar.job
[2013.02.22 17:13:19 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-441438614-1551882760-1506043834-1003Core.job
[2013.02.22 15:02:16 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.02.20 16:28:49 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.02.14 03:37:07 | 001,673,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 23:57:43 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.02.23 21:46:25 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.23 19:37:41 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.23 19:30:20 | 000,000,736 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 19:30:20 | 000,000,736 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 18:59:00 | 000,001,759 | ---- | C] () -- C:\Users\Administrator\Desktop\eBay.lnk
[2013.02.23 18:59:00 | 000,001,553 | ---- | C] () -- C:\Users\Administrator\Desktop\Registrieren Sie Ihren VAIO.lnk
[2013.02.23 18:59:00 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.02.23 18:59:00 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.02.23 18:58:59 | 000,001,729 | ---- | C] () -- C:\Users\Administrator\Desktop\VAIO-Benutzerhandbücher.lnk
[2013.02.23 12:23:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 19:04:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 17:16:12 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.21 17:16:12 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.21 17:16:12 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.21 16:50:33 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.02.21 16:49:49 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.02.20 16:28:49 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.01.12 10:19:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.07 13:22:05 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011.07.09 17:04:44 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.07.09 17:04:44 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.07.09 17:04:43 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.07.09 17:04:43 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.07.09 17:04:43 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.08.21 14:35:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\User Pictures
[2010.08.21 14:35:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.21 14:35:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\User Loops
[2010.08.21 14:35:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\URLs
[2010.08.21 14:35:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.21 14:35:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.05.25 16:15:23 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.05.25 16:12:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.25 14:26:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.10.01 08:38:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008.05.07 06:53:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.25 16:31:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.23 19:37:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PerformerSoft
[2013.02.23 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:861A898F

< End of report >
         
--- --- ---

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 24.02.2013 00:09:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jensar\Desktop\ForumHelp
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,48% Memory free
4,21 Gb Paging File | 3,15 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 0,86 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive I: | 1,91 Gb Total Space | 1,57 Gb Free Space | 81,97% Space Free | Partition Type: FAT
 
Computer Name: JENSAR-NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1" ()
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E3C0BE7-B94D-46D3-9913-A7B1EABE2981}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{209572C9-2CE6-454F-8FC8-C04EE628EC5B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{22E93C0F-2A09-4842-A0B5-E255C130D280}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2A491EEE-F425-4C01-9B63-E6C9C3618444}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{39F40096-4B0D-4904-A520-7081EAF50F10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4848FAD7-CF8B-4AA9-A53A-7C464B553A50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6930FE35-5459-46E2-86D2-DC7F7FEB2CDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A7B4E2D-3DDC-4828-B569-7A3E67F8C699}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{827A4D15-391E-43BB-89DB-5EEA5225DF86}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B69246FB-FB85-49A8-BF92-1DFB4CB92558}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CB14E1CD-E648-4937-893F-70553E597204}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF78B8C6-2FBE-480B-8593-E9B670BEB18C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0140C11F-39FE-4752-875A-ED89FD50FC81}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{05F2A00F-E936-43CF-878B-72465002204E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{1425FB25-1C81-471C-97F0-5A8E27D414BD}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"{156AB89F-D9D0-4DBE-B80D-2CC200307EB3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{1B07F153-3EE3-4EBE-8957-0FDCBA7F6633}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2993B90D-FC76-40AF-9278-324162D2DDCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EDB5807-2F5C-4253-8A0E-A9ED4F5CE5CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55A56908-44AD-4A0F-89C9-8CE8F0AB40E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63E1792D-D0CB-4173-B276-50BBD14280BA}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7328683B-CE4B-4B59-ADFC-FC5D6C802991}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{7C9DDA84-39BD-489E-8948-69D834B8E77B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8B4EF6CA-F769-4277-8236-E3EC64928ED2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8DB790D7-2018-4A86-8A1E-BD9E3C91E403}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8EBEB34A-B1FA-40CD-8105-F83E1D695B09}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{964BC297-D334-4B39-9C85-DF63AAC52D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A108FAF6-0218-47C3-AE1E-F817C531DC21}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"{B2B68BAD-7B85-4A16-B4D7-6C9EE7CA99EA}" = protocol=6 | dir=out | app=system | 
"{BFC99E2D-86DE-4301-98EB-58B7E60FC634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D033780C-BA65-4227-B797-D8EFDF027BC1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D84F9B45-DA15-4151-85B2-E649328EA555}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DBDE2368-7194-4ECD-B1EC-F99C1C7386E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3C0B56C-5A0B-4458-B01D-C0618885D921}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6588858-D1C4-4AAA-89FF-1D9EF03151F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E96B7D41-989F-4FAF-B9B3-E3CE5EAA0F0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA10732-F770-4C0C-97A8-12FEF0C7437C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6BB080CB-AF93-4DF1-85A8-BF7F8EB314A2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6C346841-0894-4560-93FB-475F97DF753F}C:\users\jensar\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jensar\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{BB7DB0ED-981C-4AF9-84D0-7FDDC5D40A28}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BDAF1816-55C6-489B-AE45-69E930CE4A29}C:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe | 
"TCP Query User{BDC2283F-0569-47A0-B90C-3960697C168E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D8CD4D96-B8D1-4BF3-9AFD-E4F0776015CE}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{E50703DB-8E18-45CE-9106-EF8B9C0AD86C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{058CF363-A804-4359-80F9-D03B28B09C2B}C:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe | 
"UDP Query User{1515C76C-6766-475E-B2A3-1FE71C3BBB76}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1D51B5E9-69F3-4629-B5C1-46D69143BFDA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{9E6CDE42-A620-4311-A262-1B9E79FCA9B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A3A25AB0-A9D9-4D66-ABA1-7FEC1545C862}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{BF01EEF4-E92F-4BF6-BA12-99789DD870A6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C35F4416-335F-4A13-A628-2647E8C02F32}C:\users\jensar\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jensar\appdata\local\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73627553-6974-7574-7469-6F6E735C5365}" = InterBase
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C31FFDC-E796-4884-B990-41B9A5B2A647}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4674FEF-AC81-79B6-C6C9-1E13CD51B77C}" = myphotobook.de
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo  Suite
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrothersInArms" = Brothers In Arms
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner (remove only)
"Celtx (2.0.2)" = Celtx (2.0.2)
"C-Media CM106 Like Sound Driver" = SPEED-LINK Medusa 5.1 USB
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"delta" = Delta toolbar  
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"Exif-Viewer" = Exif-Viewer 2.50 
"FileZilla Client" = FileZilla Client 3.5.1
"Google Updater" = Google Updater
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Live Usb Helper" = Live Usb Helper 0.0.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mirillis Splash Lite" = Splash Lite
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NSS" = Norton Security Scan
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"PC Performer_is1" = PC Performer
"PS3 Media Server" = PS3 Media Server
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UseNeXT_is1" = UseNeXT
"Veetle TV" = Veetle TV 0.9.18
"Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.38
"VideoPerformer" = VideoPerformer
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xfire" = Xfire (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2013 14:30:20 | Computer Name = jensar-notebook | Source = Software Licensing Service | ID = 12291
Description = Fehler beim Starten des Schlüsselverwaltungsdienstes (Key Management
 Service, KMS).  Info:  hr=0xC004D301
 
Error - 23.02.2013 14:36:23 | Computer Name = jensar-notebook | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 23.02.2013 14:36:31 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00065c28,  Prozess-ID 0x308, Anwendungsstartzeit
 01ce11f4ae86a090.
 
Error - 23.02.2013 14:37:29 | Computer Name = jensar-notebook | Source = ESENT | ID = 215
Description = WinMail (4508) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 23.02.2013 14:54:01 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000406e0,  Prozess-ID 0xb44, Anwendungsstartzeit
 01ce11f720b11032.
 
Error - 23.02.2013 15:01:54 | Computer Name = jensar-notebook | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16464 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 156c  Anfangszeit: 01ce11f7ecb28ec2  Zeitpunkt
 der Beendigung: 22
 
Error - 23.02.2013 17:00:00 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609
Description = 
 
Error - 23.02.2013 17:00:43 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel
 0x5065ccb6, Ausnahmecode 0xc0000005, Fehleroffset 0x0003fc16,  Prozess-ID 0x7c4, 
Anwendungsstartzeit 01ce1208d749ba5c.
 
Error - 23.02.2013 17:11:04 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609
Description = 
 
Error - 23.02.2013 17:13:30 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609
Description = 
 
[ Media Center Events ]
Error - 16.04.2008 04:04:27 | Computer Name = jensar-notebook | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 23.02.2013 17:13:30 | Computer Name = jensar-notebook | Source = DCOM | ID = 10005
Description = 
 
Error - 23.02.2013 17:13:31 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.02.2013 17:13:31 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.02.2013 17:14:04 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.02.2013 17:14:04 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.02.2013 17:15:46 | Computer Name = jensar-notebook | Source = DCOM | ID = 10005
Description = 
 
Error - 23.02.2013 17:18:50 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.02.2013 18:20:49 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.02.2013 18:58:14 | Computer Name = jensar-notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 23.02.2013 19:01:33 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
GMER.txt
GMER Logfile:
Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 01:03:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC74P 111,79GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwpcipob.sys


---- System - GMER 2.1 ----

SSDT   8CD466D6                                                                                         ZwCreateSection
SSDT   8CD466E0                                                                                         ZwRequestWaitReplyPort
SSDT   8CD466DB                                                                                         ZwSetContextThread
SSDT   8CD466E5                                                                                         ZwSetSecurityObject
SSDT   8CD466EA                                                                                         ZwSystemDebugControl
SSDT   8CD46677                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                    84EEB8D8 4 Bytes  [D6, 66, D4, 8C] {SALC ; AAM 0x8c}
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                    84EEBBFC 4 Bytes  [E0, 66, D4, 8C] {LOOPNZ 0x68; AAM 0x8c}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                    84EEBC30 4 Bytes  [DB, 66, D4, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                    84EEBC94 4 Bytes  [E5, 66, D4, 8C] {IN EAX, 0x66; AAM 0x8c}
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                    84EEBCDC 4 Bytes  [EA, 66, D4, 8C]
.text  ...                                                                                              

---- User code sections - GMER 2.1 ----

.text  C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE[256] USER32.dll!DialogBoxParamW                     75BF10B0 5 Bytes  JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\schtasks.exe[344] USER32.dll!DialogBoxParamW                                 75BF10B0 5 Bytes  JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\wininit.exe[520] USER32.dll!DialogBoxParamW                                  75BF10B0 5 Bytes  JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[560] USER32.dll!DialogBoxParamW  75BF10B0 5 Bytes  JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\services.exe[564] USER32.dll!DialogBoxParamW                                 75BF10B0 5 Bytes  JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  ...                                                                                              

---- EOF - GMER 2.1 ----
         
--- --- ---
I'm really hoping for help. Many thanks in advance!

 
