Pests of all kinds and how to fight them: GVU: Windows works, but am I clean? (Windows 7)
24.02.2013, 01:19 | #1
GVU: Windows works, but am I clean?

Hello, I caught the GVU trojan this morning. After a Flash update, a page opened in Internet Explorer: a police page with a "ransom demand" of 100 €. I then cut the internet connection and was rewarded with a white screen on which nothing worked any more. Restarting in safe mode didn't work. There was no system restore point. Using a different user (Guest) in safe mode, I was able to remove from the hard drive the files that had been modified around that time. After that the Administrator account started normally and Guest started normally; only the user that caused it still got a white screen. Downloaded Bitdefender and Antivir over the internet, checked everything, and finally everything works again. But am I rid of the virus? I also had the Anti-Malware software scan; it found something else. I couldn't copy that report, though, because it was gone after the infected files were removed and the restart that followed :-( (Sorry, I'm no PC hero.) I have the other 3. OTL.txt (OTL logfile):
ATTFilter OTL logfile created on: 24.02.2013 00:09:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jensar\Desktop\ForumHelp Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,48% Memory free 4,21 Gb Paging File | 3,15 Gb Available in Paging File | 74,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,48 Gb Total Space | 0,86 Gb Free Space | 0,84% Space Free | Partition Type: NTFS Drive I: | 1,91 Gb Total Space | 1,57 Gb Free Space | 81,97% Space Free | Partition Type: FAT Computer Name: JENSAR-NOTEBOOK | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.23 22:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jensar\Desktop\ForumHelp\OTL.exe PRC - [2013.02.23 21:34:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.23 21:34:09 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.23 21:34:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.23 21:34:05 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2011.10.25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2011.10.25 13:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008.01.18 22:33:28 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe PRC - [2007.02.13 15:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.02.09 10:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.01.12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\Apoint\Apoint.exe PRC - [2007.01.12 06:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2006.11.02 00:46:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2001.01.05 11:41:24 | 000,022,016 | ---- | M] (Inprise Corporation) -- C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE PRC - [2001.01.05 11:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) -- C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe ========== Modules (No Company Name) ========== MOD - [2013.02.21 10:28:52 | 002,231,248 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2007.01.24 10:04:22 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2007.01.24 10:02:24 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll ========== Services (SafeList) ========== SRV - [2013.02.23 21:34:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.23 21:34:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.22 19:06:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.10.25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2008.12.06 23:56:05 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008.10.10 14:39:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.01.18 22:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.18 22:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.02.13 15:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.01.24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007.01.24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007.01.16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.01.10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.10 10:43:24 | 
000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.11.28 19:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006.11.28 19:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006.11.28 19:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2001.01.05 11:41:24 | 000,022,016 
| ---- | M] (Inprise Corporation) [Auto | Running] -- C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE -- (InterBaseGuardian) SRV - [2001.01.05 11:40:58 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe -- (InterBaseServer) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jensar\AppData\Local\Temp\musbehco.sys -- (musbehco) DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\kbdqtezq.sys -- (kbdqtezq) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.02.23 21:34:40 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.23 21:34:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.02.23 21:34:39 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.23 21:34:39 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.09.29 15:29:47 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.12.06 13:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.07.20 17:19:20 | 001,313,792 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD) DRV - [2007.04.23 12:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.02.06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2007.01.24 11:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.01.12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.01.10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.10.18 11:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {5CBCD265-7AE0-4E42-9AC6-82854476204F} IE - HKLM\..\SearchScopes\{5CBCD265-7AE0-4E42-9AC6-82854476204F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.07 10:26:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.19 15:40:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.23 13:05:59 | 000,000,000 | ---D | M] [2012.10.24 19:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63322D96-B808-49C1-BA74-E67EB9A64D31}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O27 - HKLM IFEO\paprport.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pppagevw.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall tomtom home.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] 
-- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.23 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2013.02.23 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.23 22:56:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.23 22:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.23 21:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.23 21:45:45 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.02.23 21:45:45 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.02.23 21:45:45 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.02.23 21:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.23 21:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.02.23 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software [2013.02.23 19:38:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2013.02.23 19:37:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PerformerSoft [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten [2013.02.23 18:59:11 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten [2013.02.23 18:58:58 | 000,000,000 | ---D | 
C] -- C:\Users\Administrator\AppData\Local\Google
[2013.02.23 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2013.02.23 18:58:57 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.23 18:58:57 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.23 18:58:57 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony Corporation
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Seven Zip
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Skype Wallpapers
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Skype Pictures
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.02.23 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2013.02.21 17:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013.02.21 16:50:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.02.21 16:50:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.02.21 16:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.21 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.02.21 16:48:23 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2013.02.21 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.21 16:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
[2013.02.21 16:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.21 16:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Performer
[2013.02.21 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoPerformer
[2013.02.21 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\File Scout
[2013.02.20 16:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2013.02.20 16:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2013.02.20 16:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.24 00:13:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-441438614-1551882760-1506043834-1003UA.job
[2013.02.24 00:13:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CDACD1E6-389A-44F2-AA68-8C52B44D16E1}.job
[2013.02.24 00:06:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.24 00:02:28 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.02.24 00:00:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 23:59:54 | 000,000,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 23:59:54 | 000,000,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 23:57:59 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.02.23 23:28:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 21:46:25 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.23 21:34:40 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.23 21:34:40 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.23 21:34:39 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.23 21:34:39 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.23 20:49:11 | 000,691,512 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.23 20:49:11 | 000,647,808 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.23 20:49:11 | 000,153,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.23 20:49:11 | 000,124,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.23 12:48:46 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.02.23 12:43:19 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.02.23 04:54:07 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for jensar.job
[2013.02.22 17:13:19 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-441438614-1551882760-1506043834-1003Core.job
[2013.02.22 15:02:16 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.02.20 16:28:49 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.02.14 03:37:07 | 001,673,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.23 23:57:43 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.02.23 21:46:25 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.23 19:37:41 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.23 19:30:20 | 000,000,736 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 19:30:20 | 000,000,736 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 18:59:00 | 000,001,759 | ---- | C] () -- C:\Users\Administrator\Desktop\eBay.lnk
[2013.02.23 18:59:00 | 000,001,553 | ---- | C] () -- C:\Users\Administrator\Desktop\Registrieren Sie Ihren VAIO.lnk
[2013.02.23 18:59:00 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.02.23 18:59:00 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.02.23 18:58:59 | 000,001,729 | ---- | C] () -- C:\Users\Administrator\Desktop\VAIO-Benutzerhandbücher.lnk
[2013.02.23 12:23:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.22 19:04:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 17:16:12 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.21 17:16:12 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.21 17:16:12 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.21 16:50:33 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.02.21 16:49:49 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job
[2013.02.20 16:28:49 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2013.01.12 10:19:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.07 13:22:05 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011.07.09 17:04:44 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.07.09 17:04:44 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.07.09 17:04:43 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.07.09 17:04:43 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.07.09 17:04:43 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.08.21 14:35:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\User Pictures
[2010.08.21 14:35:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.21 14:35:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\User Loops
[2010.08.21 14:35:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\URLs
[2010.08.21 14:35:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.21 14:35:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.05.25 16:15:23 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.05.25 16:12:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.25 14:26:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2008.10.01 08:38:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2008.05.07 06:53:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.25 16:31:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.23 19:37:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PerformerSoft
[2013.02.23 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:861A898F

< End of report >

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 24.02.2013 00:09:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jensar\Desktop\ForumHelp
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,48% Memory free
4,21 Gb Paging File | 3,15 Gb Available in Paging File | 74,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 0,86 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive I: | 1,91 Gb Total Space | 1,57 Gb Free Space | 81,97% Space Free | Partition Type: FAT

Computer Name: JENSAR-NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1" ()
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E3C0BE7-B94D-46D3-9913-A7B1EABE2981}" = rport=10243 | protocol=6 | dir=out | app=system |
"{209572C9-2CE6-454F-8FC8-C04EE628EC5B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22E93C0F-2A09-4842-A0B5-E255C130D280}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2A491EEE-F425-4C01-9B63-E6C9C3618444}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39F40096-4B0D-4904-A520-7081EAF50F10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4848FAD7-CF8B-4AA9-A53A-7C464B553A50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6930FE35-5459-46E2-86D2-DC7F7FEB2CDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A7B4E2D-3DDC-4828-B569-7A3E67F8C699}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827A4D15-391E-43BB-89DB-5EEA5225DF86}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B69246FB-FB85-49A8-BF92-1DFB4CB92558}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CB14E1CD-E648-4937-893F-70553E597204}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF78B8C6-2FBE-480B-8593-E9B670BEB18C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0140C11F-39FE-4752-875A-ED89FD50FC81}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{05F2A00F-E936-43CF-878B-72465002204E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1425FB25-1C81-471C-97F0-5A8E27D414BD}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{156AB89F-D9D0-4DBE-B80D-2CC200307EB3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1B07F153-3EE3-4EBE-8957-0FDCBA7F6633}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2993B90D-FC76-40AF-9278-324162D2DDCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EDB5807-2F5C-4253-8A0E-A9ED4F5CE5CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55A56908-44AD-4A0F-89C9-8CE8F0AB40E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63E1792D-D0CB-4173-B276-50BBD14280BA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7328683B-CE4B-4B59-ADFC-FC5D6C802991}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7C9DDA84-39BD-489E-8948-69D834B8E77B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8B4EF6CA-F769-4277-8236-E3EC64928ED2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DB790D7-2018-4A86-8A1E-BD9E3C91E403}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8EBEB34A-B1FA-40CD-8105-F83E1D695B09}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{964BC297-D334-4B39-9C85-DF63AAC52D97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A108FAF6-0218-47C3-AE1E-F817C531DC21}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{B2B68BAD-7B85-4A16-B4D7-6C9EE7CA99EA}" = protocol=6 | dir=out | app=system |
"{BFC99E2D-86DE-4301-98EB-58B7E60FC634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D033780C-BA65-4227-B797-D8EFDF027BC1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D84F9B45-DA15-4151-85B2-E649328EA555}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DBDE2368-7194-4ECD-B1EC-F99C1C7386E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C0B56C-5A0B-4458-B01D-C0618885D921}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6588858-D1C4-4AAA-89FF-1D9EF03151F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E96B7D41-989F-4FAF-B9B3-E3CE5EAA0F0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEA10732-F770-4C0C-97A8-12FEF0C7437C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{6BB080CB-AF93-4DF1-85A8-BF7F8EB314A2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6C346841-0894-4560-93FB-475F97DF753F}C:\users\jensar\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jensar\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{BB7DB0ED-981C-4AF9-84D0-7FDDC5D40A28}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BDAF1816-55C6-489B-AE45-69E930CE4A29}C:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe |
"TCP Query User{BDC2283F-0569-47A0-B90C-3960697C168E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D8CD4D96-B8D1-4BF3-9AFD-E4F0776015CE}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{E50703DB-8E18-45CE-9106-EF8B9C0AD86C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{058CF363-A804-4359-80F9-D03B28B09C2B}C:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\jensar\day of defeat source\hl2.exe |
"UDP Query User{1515C76C-6766-475E-B2A3-1FE71C3BBB76}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1D51B5E9-69F3-4629-B5C1-46D69143BFDA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{9E6CDE42-A620-4311-A262-1B9E79FCA9B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A3A25AB0-A9D9-4D66-ABA1-7FEC1545C862}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{BF01EEF4-E92F-4BF6-BA12-99789DD870A6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C35F4416-335F-4A13-A628-2647E8C02F32}C:\users\jensar\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jensar\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73627553-6974-7574-7469-6F6E735C5365}" = InterBase
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C31FFDC-E796-4884-B990-41B9A5B2A647}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4674FEF-AC81-79B6-C6C9-1E13CD51B77C}" = myphotobook.de
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo Suite
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrothersInArms" = Brothers In Arms
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner (remove only)
"Celtx (2.0.2)" = Celtx (2.0.2)
"C-Media CM106 Like Sound Driver" = SPEED-LINK Medusa 5.1 USB
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"delta" = Delta toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"Exif-Viewer" = Exif-Viewer 2.50
"FileZilla Client" = FileZilla Client 3.5.1
"Google Updater" = Google Updater
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Live Usb Helper" = Live Usb Helper 0.0.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mirillis Splash Lite" = Splash Lite
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NSS" = Norton Security Scan
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"PC Performer_is1" = PC Performer
"PS3 Media Server" = PS3 Media Server
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UseNeXT_is1" = UseNeXT
"Veetle TV" = Veetle TV 0.9.18
"Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.38
"VideoPerformer" = VideoPerformer
"VLC media player" = VLC media player 2.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xfire" = Xfire (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.02.2013 14:30:20 | Computer Name = jensar-notebook | Source = Software Licensing Service | ID = 12291
Description = Fehler beim Starten des Schlüsselverwaltungsdienstes (Key Management Service, KMS). Info: hr=0xC004D301

Error - 23.02.2013 14:36:23 | Computer Name = jensar-notebook | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 23.02.2013 14:36:31 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00065c28, Prozess-ID 0x308, Anwendungsstartzeit 01ce11f4ae86a090. Error - 23.02.2013 14:37:29 | Computer Name = jensar-notebook | Source = ESENT | ID = 215 Description = WinMail (4508) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 23.02.2013 14:54:01 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x000406e0, Prozess-ID 0xb44, Anwendungsstartzeit 01ce11f720b11032. Error - 23.02.2013 15:01:54 | Computer Name = jensar-notebook | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16464 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 156c Anfangszeit: 01ce11f7ecb28ec2 Zeitpunkt der Beendigung: 22 Error - 23.02.2013 17:00:00 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609 Description = Error - 23.02.2013 17:00:43 | Computer Name = jensar-notebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung ntvdm.exe, Version 6.0.6001.18000, Zeitstempel 0x47918baf, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065ccb6, Ausnahmecode 0xc0000005, Fehleroffset 0x0003fc16, Prozess-ID 0x7c4, Anwendungsstartzeit 01ce1208d749ba5c. 
Error - 23.02.2013 17:11:04 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609 Description = Error - 23.02.2013 17:13:30 | Computer Name = jensar-notebook | Source = EventSystem | ID = 4609 Description = [ Media Center Events ] Error - 16.04.2008 04:04:27 | Computer Name = jensar-notebook | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 23.02.2013 17:13:30 | Computer Name = jensar-notebook | Source = DCOM | ID = 10005 Description = Error - 23.02.2013 17:13:31 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001 Description = Error - 23.02.2013 17:13:31 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001 Description = Error - 23.02.2013 17:14:04 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001 Description = Error - 23.02.2013 17:14:04 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7001 Description = Error - 23.02.2013 17:15:46 | Computer Name = jensar-notebook | Source = DCOM | ID = 10005 Description = Error - 23.02.2013 17:18:50 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000 Description = Error - 23.02.2013 18:20:49 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000 Description = Error - 23.02.2013 18:58:14 | Computer Name = jensar-notebook | Source = DCOM | ID = 10010 Description = Error - 23.02.2013 19:01:33 | Computer Name = jensar-notebook | Source = Service Control Manager | ID = 7000 Description = < End of report > GMER.txtGMER Logfile: Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-24 01:03:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC74P 111,79GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwpcipob.sys

---- System - GMER 2.1 ----

SSDT 8CD466D6 ZwCreateSection
SSDT 8CD466E0 ZwRequestWaitReplyPort
SSDT 8CD466DB ZwSetContextThread
SSDT 8CD466E5 ZwSetSecurityObject
SSDT 8CD466EA ZwSystemDebugControl
SSDT 8CD46677 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 84EEB8D8 4 Bytes [D6, 66, D4, 8C] {SALC ; AAM 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 539 84EEBBFC 4 Bytes [E0, 66, D4, 8C] {LOOPNZ 0x68; AAM 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 56D 84EEBC30 4 Bytes [DB, 66, D4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 84EEBC94 4 Bytes [E5, 66, D4, 8C] {IN EAX, 0x66; AAM 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 619 84EEBCDC 4 Bytes [EA, 66, D4, 8C]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE[256] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\schtasks.exe[344] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wininit.exe[520] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[560] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\services.exe[564] USER32.dll!DialogBoxParamW 75BF10B0 5 Bytes JMP 74FE44C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text ...

---- EOF - GMER 2.1 ----

I'm really hoping for help. Many thanks in advance! |
24.02.2013, 11:15 | #2 |
/// Helfer-Team | GVU - Windows works, but am I clean? The cleanup consists of several steps that have to be carried out. Work through them one after another and paste the 3 logs created along the way into your next reply. If the OTL fix did not run correctly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jensar\AppData\Local\Temp\musbehco.sys -- (musbehco)
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\kbdqtezq.sys -- (kbdqtezq)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:861A898F
[2013.02.24 00:02:28 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Administrator\*.tmp
C:\Users\Administrator\AppData\*.dll
C:\Users\Administrator\AppData\*.exe
C:\Users\Administrator\AppData\Local\Temp\*.exe
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Never use it on other computers; it can permanently damage other systems! Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper. Afterwards: Step 3: Please download AdwCleaner to your desktop.
__________________ |
24.02.2013, 17:15 | #3 |
| GVU - Windows works, but am I clean? Thank you very much, I will carry out all the steps, BUT
I can't download AdwCleaner. The link from filepony doesn't work... OK, the download has worked now... The OTL fix with the script worked perfectly. Unfortunately step 2 is causing difficulties: I started mbar.exe as Administrator. Then the following error message appeared: "Probable rootkit activity detected. Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Note: press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again. Do you want to remove this value and restart tool?" I answered no. I'll post the OTL.txt right after this, one moment. After answering no, Malwarebytes Anti-Rootkit appears normally. I just carried on... I'll post all logfiles after all the steps. OK, everything done. 1. OTL Logfile Code:
ATTFilter All processes killed ========== OTL ========== Service musbehco stopped successfully! Service musbehco deleted successfully! File C:\Users\jensar\AppData\Local\Temp\musbehco.sys not found. Error: No service named kbdqtezq was found to stop! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdqtezq deleted successfully. File C:\Windows\system32\drivers\kbdqtezq.sys not found. ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully. ADS C:\ProgramData\Temp:861A898F deleted successfully. C:\Windows\Tasks\RegistryBooster.job moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. C:\ProgramData\TEMP folder moved successfully. File\Folder C:\Users\Administrator\*.tmp not found. File\Folder C:\Users\Administrator\AppData\*.dll not found. File\Folder C:\Users\Administrator\AppData\*.exe not found. File\Folder C:\Users\Administrator\AppData\Local\Temp\*.exe not found. File\Folder C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\jensar\Desktop\cmd.bat deleted successfully. C:\Users\jensar\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 20864568 bytes
->Temporary Internet Files folder emptied: 214353 bytes
->Flash cache emptied: 56632 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56632 bytes
User: Default User
User: Gast
->Temp folder emptied: 187231545 bytes
->Temporary Internet Files folder emptied: 36117903 bytes
->Flash cache emptied: 59646 bytes
User: jensar
->Temp folder emptied: 38035985 bytes
->Temporary Internet Files folder emptied: 76196783 bytes
->Java cache emptied: 4469857 bytes
->Google Chrome cache emptied: 72667430 bytes
->Flash cache emptied: 61080 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18590784 bytes
RecycleBin emptied: 4093775 bytes
Total Files Cleaned = 437,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02242013_205835

2. MBAR Logfile. By the way, the first scan found nothing here and no restart was performed either. After that I could neither activate Cleanup nor run a new scan. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.24.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Administrator :: JENSAR-NOTEBOOK [administrator] 24.02.2013 21:43:49 mbar-log-2013-02-24 (21-43-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30297 Time elapsed: 14 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 24/02/2013 um 21:47:39 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Administrator - JENSAR-NOTEBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\jensar\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : BrowserProtect ***** [Dateien / Ordner] ***** Datei Gelöscht : \user.js Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js Datei Gelöscht : C:\Users\Administrator\Desktop\eBay.lnk Datei Gelöscht : C:\Users\Gast\Desktop\eBay.lnk Datei Gelöscht : C:\Users\jensar\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data Datei Gelöscht : C:\Users\jensar\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Gelöscht mit Neustart : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files\DealPly Ordner Gelöscht : C:\Program Files\Delta Ordner Gelöscht : C:\Program Files\file scout Ordner Gelöscht : C:\Program Files\Perion Ordner Gelöscht : C:\Program Files\SweetIM Ordner Gelöscht : C:\Program Files\vShare.tv plugin Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\ProgramData\SweetIM Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\jensar\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\jensar\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\jensar\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\jensar\AppData\Roaming\Delta Ordner Gelöscht : C:\Users\jensar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Ordner Gelöscht : C:\Users\jensar\AppData\Roaming\PerformerSoft ***** [Registrierungsdatenbank] ***** 
Schlüssel Gelöscht : HKCU\Software\580d6d8b56ebf10 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKLM\SOFTWARE\580d6d8b56ebf10 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} 
Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\Description Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\Software\IB Updater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKU\S-1-5-21-441438614-1551882760-1506043834-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-441438614-1551882760-1506043834-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42EC-B55A-3CAEB12DBF58}
Schlüssel Gelöscht : HKU\S-1-5-21-441438614-1551882760-1506043834-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKU\S-1-5-21-441438614-1551882760-1506043834-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKU\S-1-5-21-441438614-1551882760-1506043834-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [11770 octets] - [24/02/2013 21:47:39]

########## EOF - \AdwCleaner[S1].txt - [11831 octets] ##########

Oh dear, I'm so curious. Did I do it?!?!!! |
25.02.2013, 13:17 | #4 |
/// Helfer-Team | GVU - Windows works, but am I clean? Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Afterwards: ESET Online Scanner
Afterwards: Please download SecurityCheck and:
|
26.02.2013, 21:20 | #5 |
| GVU - Windows works, but am I clean? Done!!! 1. aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-25 23:10:24 ----------------------------- 23:10:24.308 OS Version: Windows 6.0.6002 Service Pack 2 23:10:24.308 Number of processors: 2 586 0xE0C 23:10:24.312 ComputerName: JENSAR-NOTEBOOK UserName: Administrator 23:11:12.354 Initialize success 23:12:35.345 AVAST engine defs: 13022501 23:15:37.442 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 23:15:37.444 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3 23:15:37.446 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000062 23:15:37.447 Disk 1 Vendor: ( Size: 114473MB BusType: 0 23:15:37.450 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000063 23:15:37.451 Disk 2 Vendor: ( Size: 114473MB BusType: 0 23:15:37.475 Disk 0 MBR read successfully 23:15:37.477 Disk 0 MBR scan 23:15:37.482 Disk 0 Windows VISTA default MBR code 23:15:37.490 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9536 MB offset 2048 23:15:37.514 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 104935 MB offset 19531776 23:15:37.521 Disk 0 scanning sectors +234439600 23:15:37.600 Disk 0 scanning C:\Windows\system32\drivers 23:15:50.778 Service scanning 23:16:34.429 Modules scanning 23:17:02.798 Disk 0 trace - called modules: 23:17:02.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll dxgkrnl.sys igdkmd32.sys tcpip.sys NETIO.SYS afd.sys ataport.SYS pciide.sys 23:17:02.844 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88181ac8] 23:17:02.847 3 CLASSPNP.SYS[8ada08b3] -> nt!IofCallDriver -> [0x87a005e0] 23:17:02.850 5 acpi.sys[806a46bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87a1bb98] 23:17:03.551 AVAST engine scan C:\Windows 23:17:09.440 AVAST engine scan C:\Windows\system32 23:21:31.828 AVAST engine scan C:\Windows\system32\drivers 23:21:46.226 AVAST engine scan C:\Users\Administrator 23:22:05.706 AVAST engine scan C:\ProgramData 23:24:01.436 Scan finished successfully 23:24:29.371 Disk 0 MBR has been saved successfully 
to "C:\Users\Administrator\Desktop\MBR.dat" 23:24:29.374 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt" Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=067aedda0478254994d0c78919c0338e # engine=13241 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-26 01:35:25 # local_time=2013-02-26 02:35:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 22277 183136324 15035 0 # compatibility_mode=5892 16776574 100 100 14404 199375254 0 0 # scanned=193390 # found=1 # cleaned=0 # scan_time=10623 sh=715EFB9CF8FE45B7464DDF6CB882CBE9B53EDC21 ft=1 fh=1d963bbf2538cd72 vn="a variant of Win32/Adware.iBryte.D application" ac=I fn="C:\Users\jensar\Downloads\Setup.exe" Code:
Results of screen317's Security Check version 0.99.59
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
TuneUp Utilities 2013
TuneUp Utilities Language Pack (de-DE)
CCleaner (remove only)
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.6.602.168
Adobe Reader XI
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

... I'm hanging in there!!! |
27.02.2013, 12:09 | #6 |
/// Helfer-Team | GVU-windows funktioniert aber bin ich sauber? Uninstall: Thunderbird. Update Java: your Java is no longer current. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck. Disable Java because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards post (copy and paste) what you get shown here: PluginCheck. Note: Registry cleaners. I see that you have so-called registry cleaners installed, in your case TuneUp Utilities 2013 and CCleaner. We advise against using any kind of registry cleaner. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. One should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too. If you destroy the registry, you destroy Windows. In addition, the benefit for performance is disputed and usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Software (on Windows XP).
27.02.2013, 18:43 | #7 |
| GVU-windows funktioniert aber bin ich sauber? All done.
1. Thunderbird deleted
2. Java updated
PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. • Chrome 25.0.1364.97 ist aktuell • Flash (11,6,602,168) ist aktuell. • Java (1,7,0,15) ist aktuell. • Adobe Reader 11,0,2,0 ist aktuell.
3. Plug-in disabled
PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Chrome 25.0.1364.97 ist aktuell Flash (11,6,602,0) ist aktuell. Java (1,7,0,15) ist aktuell. Adobe Reader 11,0,2,0 ist aktuell.
4. TuneUp Utilities deleted. |
27.02.2013, 18:46 | #8 |
/// Helfer-Team | GVU-windows funktioniert aber bin ich sauber? Very good! With that you are clean and dismissed! Remove adwCleaner.
Tool cleanup with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Reset the security zones: Have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Empty System Restore: So that the computer cannot be re-infected by an infected System Restore, we have to empty it. To do so we switch it off once and then on again: disable System Restore (tutorial for Windows XP, Windows Vista, Windows 7), then enable it again. Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
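An added example, not part of the thread or of the linked trojaner-board tutorials, for the two steps in post #8: it reads the Internet Explorer security-zone settings and per-site zone assignments the helper says were manipulated, so they can be compared before and after the reset, and then flushes System Restore by turning it off and on again. The registry paths and the meaning of the CurrentLevel values are assumed from Microsoft's documented IE settings; run it in an elevated Windows PowerShell.

```powershell
# Audit IE security zones (HKCU) before/after the reset described in post #8.
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Assumed CurrentLevel meanings (documented IE values):
# 0x10000 High, 0x10500 Medium-High, 0x11000 Medium, 0x11500 Medium-Low, 0x12000 Low
$levels = @{ 0x10000='High'; 0x10500='Medium-High'; 0x11000='Medium'; 0x11500='Medium-Low'; 0x12000='Low' }
foreach ($zone in Get-ChildItem $zonesKey) {
    $p = Get-ItemProperty $zone.PSPath
    $name = if ($levels.ContainsKey([int]$p.CurrentLevel)) { $levels[[int]$p.CurrentLevel] } else { 'non-standard' }
    '{0,-3} {1,-28} CurrentLevel=0x{2:X} ({3}) Flags=0x{4:X}' -f $zone.PSChildName, $p.DisplayName, $p.CurrentLevel, $name, $p.Flags
}

# Sites explicitly mapped into a zone (zone 2 = Trusted Sites, 4 = Restricted Sites).
# Entries you never added yourself are worth a second look.
$domainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $domainsKey) {
    Get-ChildItem $domainsKey -Recurse | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        foreach ($scheme in @('http', 'https', '*')) {
            if ($props.PSObject.Properties[$scheme]) {
                $site = $_.PSPath -replace '^.*Domains\\', ''
                "mapped: $site ($scheme) -> zone $($props.$scheme)"
            }
        }
    }
}

# A hijacked proxy setting would route every browser request through the attacker;
# on a home PC ProxyEnable should normally be 0 and ProxyServer empty.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer)"

# Flush System Restore: disabling it discards every existing restore point
# (including an infected one); re-enable and create a fresh, clean point.
Disable-ComputerRestore -Drive 'C:\'
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Clean point after GVU cleanup'
```

The zone audit only reports; the actual reset of the zones is still done through the linked tutorial (Internet Options, Security tab, "Reset all zones to default level").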
23.04.2013, 14:14 | #9 |
/// Helfer-Team | GVU-windows funktioniert aber bin ich sauber? Missing feedback: Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |