Pests of all kinds and how to fight them: GUV Trojan | Windows 7
12.06.2013, 22:21 | #16 |
/// TB Trainer | GUV Trojan Hi, then let's take a look with an OTL scan: Please download OTL (by Oldtimer) and save it to your desktop.
__________________ cheers, Leo |
12.06.2013, 22:45 | #17 |
| GUV Trojan OTL logfile:
Code:
ATTFilter OTL logfile created on: 12.06.2013 23:28:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,07% Memory free 4,22 Gb Paging File | 2,78 Gb Available in Paging File | 65,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,87 Gb Total Space | 42,65 Gb Free Space | 30,50% Space Free | Partition Type: NTFS Drive L: | 465,76 Gb Total Space | 394,34 Gb Free Space | 84,67% Space Free | Partition Type: NTFS Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 23:27:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe PRC - [2013.06.11 22:37:26 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.26 15:43:42 | 001,013,808 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VUAgent.exe PRC - [2013.03.26 15:16:14 | 001,083,440 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VAIOUpdt.exe PRC - [2012.08.10 12:46:17 | 000,348,664 | ---- | M] 
(Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.13 16:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 16:11:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 16:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.08 19:22:38 | 002,807,808 | ---- | M] (DVBLogic) -- C:\Programme\DVBLogic\DVBLink\dvblink_server.exe PRC - [2011.12.06 17:47:56 | 000,058,368 | ---- | M] (DVBLogic) -- C:\Programme\DVBLogic\DVBLink\addons\connect_server\dvblink_mc_launcher.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 
19:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.03.05 19:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.11.05 09:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.11.03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.08.14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.10 02:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 02:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE PRC - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe ========== Modules (No Company Name) ========== MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007.09.20 02:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\SUWARVUQPPSQ.exe -- (SUWARVUQPPSQ) SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\NFQRDNI.exe -- (NFQRDNI) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\KEDVYIK.exe -- (KEDVYIK) SRV - File not found [Auto | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\hpdj.exe -- (hpdj) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - 
File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\BBDIRSECKXY.exe -- (BBDIRSECKXY) SRV - [2013.06.11 22:56:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.26 15:43:42 | 001,013,808 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.13 16:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 16:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.08 19:22:38 | 002,807,808 | ---- | M] (DVBLogic) [Auto | Running] -- C:\Programme\DVBLogic\DVBLink\dvblink_server.exe -- (dvblink_server) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.27 08:54:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.03.05 19:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 19:59:50 | 
000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 19:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.11.03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 16:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 16:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- 
C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] 
(Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.02.22 07:32:08 | 000,134,144 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86) DRV - [2012.05.13 16:11:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 16:11:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.01.09 12:49:12 | 000,043,392 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2012.01.09 12:49:12 | 000,033,536 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2012.01.09 12:49:10 | 000,189,184 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 19:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.03.25 19:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.25 19:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.27 15:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.10.25 02:04:01 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.09.19 05:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.29 03:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 02:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 20:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2004.04.26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) DRV - [2000.02.03 21:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markus Wester\Desktop IE - 
HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=121562&babsrc=SP_ss&mntrId=383B001CBF5C17D1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6C15FAAF-7DB7-4EE8-B17F-63CF5C42A625}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 16:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 10:46:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 10:46:58 | 000,000,000 | ---D | M] [2009.11.18 01:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Extensions [2013.04.01 19:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions [2010.05.28 23:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.12.20 15:40:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.04.01 19:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 
17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: Google O1 HOSTS File: ([2013.03.24 22:41:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DVBLink MediaCenter Launcher] C:\Programme\DVBLogic\DVBLink\addons\connect_server\dvblink_mc_launcher.exe (DVBLogic) O4 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A7AC6E-184D-420A-8521-26E50DFAB121}: DhcpNameServer = 192.168.34.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4165FF16-3A47-48F7-86CD-6157C9869565}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D1D401-7AA3-436F-9B49-DB8CA17F8349}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C3A7CB-3A38-4D63-8F7A-E6F11D6A7F10}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80BAF53-83DE-444E-84E2-497792622D88}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60701BC-F42B-4E2C-A980-50CFE908DF80}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB84E87D-78F5-49D9-9F10-F1E56A98C93F}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~2\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O24 - Desktop BackupWallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days 
========== [2013.06.12 23:27:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.06.12 00:44:06 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.12 00:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.12 00:43:59 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\BabSolution [2013.06.12 00:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.06.12 00:43:53 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\Delta [2013.06.12 00:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.06.12 00:42:12 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\Babylon [2013.06.12 00:40:51 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers [2013.06.12 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.06.12 00:40:16 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\OpenCandy [2013.06.11 15:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.11 15:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 15:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.05.26 10:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.26 10:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.26 10:33:45 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\Desktop\Neue Musik [2013.05.19 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\DVBLogic [2013.05.19 10:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBLink [2013.05.18 16:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DVBLogic [2013.05.18 16:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [2013.05.18 
16:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TerraTec [2013.05.18 16:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\TerraTec [2013.05.18 16:07:13 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\TerraTec [2013.05.18 16:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraTec [2013.05.15 23:22:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.15 23:08:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.15 23:08:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.15 23:08:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.15 23:08:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.15 23:08:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.15 23:08:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.15 23:08:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.15 23:06:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.05.15 23:06:14 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2013.06.12 23:27:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.06.12 22:58:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.12 22:57:53 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 22:57:53 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 22:57:47 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.12 02:58:31 | 006,354,023 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Macklemore - Can't Hold Us.mp3 [2013.06.12 02:58:02 | 006,102,621 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Passenger - Let Her Go.mp3 [2013.06.12 02:57:33 | 005,031,182 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Gossip - Move in the right direction.mp3 [2013.06.12 02:57:09 | 005,037,452 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain (2002).mp3 [2013.06.12 02:56:40 | 005,695,110 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain.mp3 [2013.06.12 02:56:00 | 005,713,919 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Whigfield - Saturday Night.mp3 [2013.06.12 02:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.12 02:55:09 | 005,513,298 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Dr. Alban - It's My Life.mp3 [2013.06.12 02:55:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 02:54:39 | 005,488,848 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Snap - Rhythm is a dancer.mp3 [2013.06.12 02:54:11 | 005,650,598 | ---- | M] () -- C:\Users\Markus Wester\Desktop\CHER - Believe (1998).mp3 [2013.06.12 02:53:38 | 004,717,086 | ---- | M] () -- C:\Users\Markus Wester\Desktop\SNAP - Rhythm Is A Dancer (2003 Remix).mp3 [2013.06.12 02:53:15 | 004,358,477 | ---- | M] () -- C:\Users\Markus Wester\Desktop\The Frank Popp Ensemble - Hip Teens (don't wear blue jeans).mp3 [2013.06.12 02:52:57 | 004,347,819 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Loona - Vamos A La Playa.mp3 [2013.06.12 02:52:35 | 005,206,098 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Loona - Bailando.mp3 [2013.06.12 02:52:06 | 005,097,011 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Seeed Augenbling.mp3 [2013.06.12 02:51:37 | 005,753,416 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Seeed - Dickes B.mp3 
[2013.06.12 01:30:15 | 005,412,988 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Mischa Daniels & Tara McDonald - Beats For You.mp3 [2013.06.12 01:29:51 | 005,181,648 | ---- | M] () -- C:\Users\Markus Wester\Desktop\David Guetta ft. Akon & Ne-Yo - Play Hard.mp3 [2013.06.12 01:29:20 | 005,029,928 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Juli - elektrisches Gefühl.mp3 [2013.06.12 01:28:57 | 005,448,724 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Lykke Li - I Follow Rivers ( Lyrics).mp3 [2013.06.12 01:28:34 | 006,491,950 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Peter Maffay.......Uber Sieben Brucken Must Du Gehn.mp3 [2013.06.12 01:27:59 | 008,805,354 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Jive Bunny and the Mastermixers - Swing the Mood.mp3 [2013.06.12 01:27:09 | 006,130,206 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Christian Anders - Ruby 2010 (3select Rmx).mp3 [2013.06.12 01:26:39 | 005,352,175 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Remady ft. 
Manu-L & J-Son - Single Ladies (2012).mp3 [2013.06.11 22:56:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.11 22:56:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.11 21:39:52 | 002,079,917 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Foto.jpg [2013.06.11 15:57:07 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.26 22:30:07 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.26 22:30:07 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.26 22:30:07 | 000,150,694 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.26 22:30:07 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.25 17:56:35 | 000,098,206 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Adac.pdf [2013.05.25 17:54:26 | 000,037,280 | ---- | M] () -- C:\Users\Markus Wester\Desktop\__www.adac.de_kontakt_pannenhilfe_default.aspx_ComponentI.pdf [2013.05.21 21:26:28 | 000,004,204 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Übersicht Markus Wester 2013.pdf [2013.05.18 16:07:36 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.05.16 21:27:26 | 000,430,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.06.12 02:58:03 | 006,354,023 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Macklemore - Can't Hold Us.mp3 [2013.06.12 02:57:33 | 006,102,621 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Passenger - Let Her Go.mp3 [2013.06.12 02:57:10 | 005,031,182 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Gossip - Move in the right direction.mp3 [2013.06.12 02:56:43 | 005,037,452 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain (2002).mp3 [2013.06.12 02:56:07 | 005,695,110 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. 
Vain.mp3 [2013.06.12 02:55:26 | 005,713,919 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Whigfield - Saturday Night.mp3 [2013.06.12 02:54:40 | 005,513,298 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Dr. Alban - It's My Life.mp3 [2013.06.12 02:54:12 | 005,488,848 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Snap - Rhythm is a dancer.mp3 [2013.06.12 02:53:39 | 005,650,598 | ---- | C] () -- C:\Users\Markus Wester\Desktop\CHER - Believe (1998).mp3 [2013.06.12 02:53:16 | 004,717,086 | ---- | C] () -- C:\Users\Markus Wester\Desktop\SNAP - Rhythm Is A Dancer (2003 Remix).mp3 [2013.06.12 02:52:58 | 004,358,477 | ---- | C] () -- C:\Users\Markus Wester\Desktop\The Frank Popp Ensemble - Hip Teens (don't wear blue jeans).mp3 [2013.06.12 02:52:36 | 004,347,819 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Loona - Vamos A La Playa.mp3 [2013.06.12 02:52:11 | 005,206,098 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Loona - Bailando.mp3 [2013.06.12 02:51:39 | 005,097,011 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Seeed Augenbling.mp3 [2013.06.12 02:51:08 | 005,753,416 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Seeed - Dickes B.mp3 [2013.06.12 01:29:51 | 005,412,988 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Mischa Daniels & Tara McDonald - Beats For You.mp3 [2013.06.12 01:29:21 | 005,181,648 | ---- | C] () -- C:\Users\Markus Wester\Desktop\David Guetta ft. 
Akon & Ne-Yo - Play Hard.mp3 [2013.06.12 01:28:58 | 005,029,928 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Juli - elektrisches Gefühl.mp3 [2013.06.12 01:28:35 | 005,448,724 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Lykke Li - I Follow Rivers ( Lyrics).mp3 [2013.06.12 01:28:00 | 006,491,950 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Peter Maffay.......Uber Sieben Brucken Must Du Gehn.mp3 [2013.06.12 01:27:10 | 008,805,354 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Jive Bunny and the Mastermixers - Swing the Mood.mp3 [2013.06.12 01:26:42 | 006,130,206 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Christian Anders - Ruby 2010 (3select Rmx).mp3 [2013.06.12 01:26:12 | 005,352,175 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Remady ft. Manu-L & J-Son - Single Ladies (2012).mp3 [2013.06.11 22:21:52 | 000,000,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.06.11 21:39:59 | 002,079,917 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Foto.jpg [2013.06.11 15:57:07 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.25 17:56:35 | 000,098,206 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Adac.pdf [2013.05.25 17:54:23 | 000,037,280 | ---- | C] () -- C:\Users\Markus Wester\Desktop\__www.adac.de_kontakt_pannenhilfe_default.aspx_ComponentI.pdf [2013.05.18 16:07:36 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.02.19 21:24:01 | 000,009,190 | ---- | C] () -- C:\Windows\hpdj3500.ini [2011.08.02 11:48:43 | 000,004,096 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\keyfile3.drm [2011.07.05 16:40:35 | 000,027,872 | ---- | C] () -- C:\Users\Markus Wester\AppData\Roaming\UserTile.png [2011.03.10 20:43:59 | 000,102,983 | ---- | C] () -- C:\Users\Markus Wester\rechnung Februar.pdf [2010.02.04 23:07:05 | 000,019,801 | ---- | C] () -- C:\Users\Markus Wester\Muster.elfo [2009.12.25 22:21:50 | 000,000,056 | ---- | C] () -- 
C:\ProgramData\ezsidmv.dat [2009.01.20 18:55:08 | 000,000,098 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\eqwigqw.bat [2008.07.09 01:04:18 | 000,001,024 | ---- | C] () -- C:\Users\Markus Wester\.rnd [2008.06.08 17:30:56 | 000,000,100 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\qlvqa.bat [2008.04.13 13:30:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.23 15:39:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.19 16:47:17 | 000,177,152 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.19 16:47:17 | 000,006,324 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2008.04.04 14:03:52 | 000,000,000 | ---D | M](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ [2008.04.04 14:03:52 | 000,000,000 | ---D | C](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- 
C:\Windows\System32\ææææææ
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:34E543D7
< End of report >

Extras:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 12.06.2013 23:28:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,07% Memory free 4,22 Gb Paging File | 2,78 Gb Available in Paging File | 65,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,87 Gb Total Space | 42,65 Gb Free Space | 30,50% Space Free | Partition Type: NTFS Drive L: | 465,76 Gb Total Space | 394,34 Gb Free Space | 84,67% Space Free | Partition Type: NTFS Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1433685974-1778743318-4094590983-1003] "EnableNotificationsRef" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026B206A-6842-4F45-9D77-A45078D57253}" = lport=139 | protocol=6 | dir=in | app=system | "{0B38DD35-5CE8-4D35-B212-F2AA038A0EEB}" = lport=445 | protocol=6 | dir=in | app=system | "{149080F8-8571-4D97-B967-ADAAB5E1A887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DBCE52E-EFCC-406E-A208-8EDB90EDAC74}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{26D06637-6C0C-4F22-B6F5-D5F9DB04CBC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{48701019-B2D1-477D-B88D-FFB1847DEE3B}" = rport=138 | protocol=17 | dir=out | app=system | "{51B0EFA8-6726-456E-90E2-093EFF71DDCC}" = lport=2869 | protocol=6 | dir=in | app=system | "{5A453BA7-1497-43BC-ADA0-6E5D1C3922A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5EC7440D-0D30-45A1-85C8-844CD0131236}" = lport=137 | protocol=17 | dir=in | app=system | "{5F680300-7CD9-47E0-A7BA-FE4E48E2AB42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6429B0EB-01F6-4543-8C9F-2FA7DF18348C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{74B9183B-582B-4F5C-9F67-E61037585D85}" = lport=2869 | protocol=6 | dir=in | app=system | "{7D58D6EA-E636-4CD7-9FD4-FE28023D3D07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7D74F7F6-F7D4-4CA7-819E-EA71266DA5A6}" = lport=138 | protocol=17 | dir=in | app=system | "{8A695735-0D50-4077-B01D-AF8561BA7DA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9254CEFE-CB6E-4065-847E-6BA20E457DCA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9C0AF538-F6EA-4911-B0F0-1DE0CE576E66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B75F515B-D18C-4D2E-8EDE-20262A071699}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C2B42F54-9CDE-4AA6-960D-A5CC33D654A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CCC90B71-F158-48A2-9316-0087D15A2D85}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE9DE1BE-6C61-4120-AC1B-D28C4E6F1A35}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D05AED4D-F344-4C51-A8BD-046D22DA3DD0}" = rport=137 | protocol=17 | dir=out | app=system | "{F86EFFC0-3352-4187-ACD6-EC98879363D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F9B4D9D4-AA65-41F1-8C83-8E41D2E2EA69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FB945A36-67F1-4C89-8DC5-7FBF40901DE9}" = rport=445 | protocol=6 | dir=out | app=system | "{FF704A58-A475-46DB-A9F2-2E749AFE4191}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03A32D70-C67A-4397-8497-39DEFF74F080}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{090BA670-1140-4A65-A75A-D99B2156D7ED}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{095B85A6-6A1A-4733-8C11-E8D9A7D634C8}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{0A9D9C92-7416-4B33-8F3A-8A807E9F96E9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{17E75FB7-EC47-48B4-83CF-26C09EC70F24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1E3D166D-4AB3-4F36-81FD-9025671DFD5D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{2A9B24BD-FBB1-467B-854A-C6AE906FCE40}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{332991E1-CD45-4FD8-A666-923997D18CC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{34B5A2B6-B782-4ECF-A952-B96A5AEF6FEA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{3593415B-D914-4772-A603-38ED8BEA3D1C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{3648342A-44CC-475E-81E0-4065ACE36F79}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3BEC5918-CFCA-4A16-94A8-0405636BF1B8}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home 
cinema\cinergydvr.exe | "{3BF3D01E-B7C7-4A71-A3B5-4A7C018A9705}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{4217B96D-811C-411E-926F-4CC97B4F4539}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe | "{4D7D0E81-F020-4323-BC06-804EAFDBC138}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{4ECA886B-72C4-4DBF-932E-04EB6EC91F5D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{4F7529D1-F213-43D6-BD0D-57A7830D78B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6062DA68-698B-4F7C-94FF-9F7519264A8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{620BF46F-0882-453C-A745-373A4F2BDA79}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{62DF44A8-7BF6-4E7A-8CAD-95ADDE719404}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{63C56378-AA7E-4EC1-A6F9-7A0F83261EF1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{676A1359-FDA7-4F98-A2E7-4FA7BD800E41}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{68F5756E-BD17-45B7-A775-6EB25510E7CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{6DBE3175-89AD-4EC6-9A16-658442CD642C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6ED2A89B-72EA-4F7C-9AA8-8E8CFF22B714}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{782EF26E-C58B-461D-AE0B-5858FF034009}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7AFAF51B-1983-4FEC-89E5-3F6BA77FEDE4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{83F3A636-DC5F-4213-A120-8250B165C0CF}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe | "{901CD394-35BA-4048-AEF3-AC5C4FA4D902}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{91AB3583-7B7F-4A9D-8F82-823EF44E6E61}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{9F8AEDFB-AA1A-45B3-9171-22DFD9EE69F5}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe | "{A93EBF65-1DA2-42AA-927D-AF8E36D560BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A9461152-E198-4509-B4A6-D492FF6D8663}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{ACABD999-BF8A-4078-812F-2E181A4C903B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{AFAF9CAC-F6DD-4C4E-8C63-9D2E13B52A37}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B073A4B6-088B-4075-A5F4-114BA71E3C7D}" = protocol=6 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe | "{B0A54EE6-044B-483A-A837-475A368A4D24}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{B1B11981-7035-4AF3-AFDB-1C6E7161EADA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B2BD0CE2-A2F0-403D-91A5-750B6F181997}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{B3521047-1C38-4DA9-BC7C-70D1E7D014FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B5FF9984-77F8-4E99-B9EF-83A970366FF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{B6120E56-A93A-445A-AAA8-262849DED989}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{BC66C1CB-F089-4B20-BAAC-E31500A23014}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{BF79A2C9-1A81-4708-AF35-5C7969EF3C8B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{BF9BFDF9-F8A1-4AE7-85BA-769EF81BA4C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C2C5A39C-A97C-4B79-A75A-AB63D4AD8165}" = dir=in | app=c:\program files\dvblogic\dvblink\sinks\network_streamer\asf_transcoder_host.exe | "{C75B7CFE-9BC5-4C3F-8154-35A4353174F6}" = protocol=17 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe 
| "{C7AD6E79-E267-42E6-AF17-C69BE9992623}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{CFC81ED6-EC7E-4A1B-96E7-95BD2912D772}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D535F660-58AB-4546-9B4C-D93F0439C27F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DEA4337B-74E8-4F77-A98E-98690885883C}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe | "{E0605177-0B64-48D9-8E28-38997062AA84}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{E0BE19B2-A1E0-4472-B353-1160537C2745}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E12F1301-542D-4288-B683-C35EB81BE3E4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E214BD0F-9390-4271-8928-2537151E0129}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{E975B2B2-349D-4010-BEEC-0CCAFF920DF6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{EB763BD2-B82C-44C8-A573-FA4972F0C9D4}" = dir=in | app=c:\program files\dvblogic\dvblink\dvblink_server.exe | "{EBAE0B51-8B08-42DA-BFD7-B106C6CD7751}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{ED7A003F-6E65-483E-A032-BBD3EDB5969D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F75DEBA6-5A43-40EC-B262-315A763684EB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{FCB9418B-0839-4F36-83A4-DE2DA29F94E9}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "TCP Query User{10274428-2F70-4101-ADF4-346D1BCC844C}G:\half-life\hl.exe" = protocol=6 | dir=in | app=g:\half-life\hl.exe | "TCP Query User{113ECB03-E215-4704-95EB-97F9C2DF41BB}G:\spiele\worms2\frontend.exe" = protocol=6 | dir=in | app=g:\spiele\worms2\frontend.exe | "TCP Query User{214B6FF2-0FED-47CA-90F1-084454FB355B}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake 
controller.exe" = protocol=6 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe | "TCP Query User{3342E648-875D-4641-9315-2787AA18946C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{437AB3B8-4E4E-4428-A41F-8E4DE1819968}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{479CB086-11D5-41D4-9FD4-932ECED64789}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=6 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe | "TCP Query User{47C7B76B-8EB0-42F8-8615-15EB926E6191}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{4BA301AA-DA38-4AD5-AD1A-34F356B3B11F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{58C5118C-5A72-4771-AF8F-4667641EDF99}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{5A33CB0B-EACB-42B7-9CF5-06B6A1CC2808}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{6E7EBC32-C59B-437B-AEDC-6F2FB5446D2A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{7AEFAA0F-0F66-4410-892A-649F88DC0D03}I:\programme\grandma\grandma onpc 6.614\gmaonpc.exe" = protocol=6 | dir=in | app=i:\programme\grandma\grandma onpc 6.614\gmaonpc.exe | "TCP Query User{81FC47D1-4996-43E8-B9CA-0439F7DCADBC}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=6 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe | "TCP Query 
User{886943B3-3EE4-4887-A75E-A91CEFC90A36}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{9184AD2E-B227-4418-BD5A-0582D8577A8F}C:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe | "TCP Query User{B2D1E011-677B-4726-B41D-727C698E8E07}G:\spiele\worms 4 mayhem.exe" = protocol=6 | dir=in | app=g:\spiele\worms 4 mayhem.exe | "TCP Query User{C1AEBF23-5056-4663-8B03-71F3EB6B018E}I:\programme\grandma\grandma onpc 6.603\gmaonpc.exe" = protocol=6 | dir=in | app=i:\programme\grandma\grandma onpc 6.603\gmaonpc.exe | "TCP Query User{CBFC9F37-0D2F-4633-818F-281D3D6A605D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{D705B722-3719-427B-BA2B-A25E541054AC}L:\feuerwehr\fms32 pro\fms32prodemo.exe" = protocol=6 | dir=in | app=l:\feuerwehr\fms32 pro\fms32prodemo.exe | "TCP Query User{EA88919B-8B41-4398-9E0D-4AA529A4E813}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{F1A3F115-37BF-4405-88B5-D184B7173A02}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{F6E787C8-160B-4508-AB64-504A7F558E08}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=6 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe | "UDP Query User{115502F9-14F3-4C8A-9474-0C4F3D4D34C2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{1C178151-1F83-4BFB-BD79-7333BFE5E057}G:\half-life\hl.exe" = protocol=17 | dir=in | app=g:\half-life\hl.exe | "UDP Query 
User{2A2EFC48-D1DB-45BC-AE1D-70A784DF6D18}L:\feuerwehr\fms32 pro\fms32prodemo.exe" = protocol=17 | dir=in | app=l:\feuerwehr\fms32 pro\fms32prodemo.exe | "UDP Query User{3E77D89F-7C88-4698-8A83-55134F8066FA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{42B1F589-A53A-42B4-AB07-FD00159BA752}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=17 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe | "UDP Query User{4D38898A-6049-44BB-9456-D9AD8B59618F}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=17 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe | "UDP Query User{53E3AF45-D96B-4BA4-ADE8-4FB099BBF246}C:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe | "UDP Query User{6579262E-69AF-42B5-9197-94516E1E2F42}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=17 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe | "UDP Query User{6BAE85AB-557D-408D-B58A-BB5D932103AF}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "UDP Query User{7C7EFD3F-6CA3-4968-B65C-EEB7D5B6AB81}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{A09D2C30-3C0F-4DBA-AD49-26DBD85BD0A5}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{A998F9D3-52E6-4C17-9C1B-C6F51FBA8698}I:\programme\grandma\grandma onpc 6.603\gmaonpc.exe" = protocol=17 | dir=in | app=i:\programme\grandma\grandma 
onpc 6.603\gmaonpc.exe | "UDP Query User{AAD7BB0E-BD1E-4B45-9F80-7F4EAE273AA9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{AE0E6BC6-C02F-4C62-A9F6-0BD235D51999}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{AEDFB1D7-1525-4818-8147-8AFB76D3AF91}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=17 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe | "UDP Query User{B864A5C6-AD09-456F-B4CE-337C19FAAC29}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{B9D4F562-B68F-4DCD-91A4-ADDA904112D8}G:\spiele\worms 4 mayhem.exe" = protocol=17 | dir=in | app=g:\spiele\worms 4 mayhem.exe | "UDP Query User{BE60FB70-9BAA-4C6A-A8D4-368D9EE5C9BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D437332E-D60E-4354-9322-FE46DC8AB6FD}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{DB222749-3A9F-4562-A789-57AD9F348A44}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{E3E97E1F-141E-4125-B81B-9753372D383D}G:\spiele\worms2\frontend.exe" = protocol=17 | dir=in | app=g:\spiele\worms2\frontend.exe | "UDP Query User{EBCA8294-A50A-45A4-8A3D-1674E196197E}I:\programme\grandma\grandma onpc 6.614\gmaonpc.exe" = protocol=17 | dir=in | app=i:\programme\grandma\grandma onpc 6.614\gmaonpc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium 
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings "{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = 
Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story "{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0 "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33E87189-3534-40B0-9DA2-10598B64EDAF}" = DVBLink TVSource "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700 "{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan "{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BA5EF57-CF36-46A4-90F1-139803BF21BB}" = DVBLink Connect! 
Server "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0 "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{96296507-058A-4BFA-A042-998487514AC9}" = 
VAIO Entertainment Platform "{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B8DC6C33-ADF5-47EC-9116-705C0C8F408C}" = DVBLink Server "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{dc57c3f1-257a-42c0-9300-8fa645304f88}_is1" = Funkspiel Rettlingen "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition 
[ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "Cinergy T Stick RC" = Cinergy T Stick RC V86.001.1129.2011 "delta" = Delta toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "Dolby Lake Controller CProgram FilesDolbyDolby Lake Controller v4.2.1" = Dolby Lake Controller v4.2.1 Build 663 "dt icon module" = "ElsterFormular 12.4.0.7094u" = ElsterFormular "EPSON Scanner" = EPSON Scan "EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall "EPSON SX235 Series Netg" = Netzwerkhandbuch EPSON SX235 Series "EPSON SX235 Series Useg" = Benutzerhandbuch EPSON SX235 Series "ESET Online Scanner" = ESET Online Scanner v3 "Free YouTube Download_is1" = Free YouTube Download version 3.2.3.610 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.3.610 "FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08 "grandMA onPC 6.603" = grandMA onPC 6.603 "grandMA2 onPC 2.2.0.13" = grandMA2 onPC 2.2.0.13 "gtfirstboot Setting Request" = "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution 
Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "KF730Wiz" = KF730Wiz "MarketingTools" = Vaio Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero - Burning Rom!UninstallKey" = Nero OEM "NeroVision!UninstallKey" = NeroVision Express 2 "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo "Picasa 3" = Picasa 3 "qlvqa" = Favorit "ST6UNST #1" = FMS32-PRO - Demoversion "SurfingSoftware" = SurfingSoftware "TeamSpeak 3 Client" = TeamSpeak 3 Client "VAIO Help and Support" = "VAIO_My Club VAIO" = My Club VAIO "VLC media player" = VLC media player 1.0.1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.06.2013 06:26:17 | Computer Name = Markus-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.06.2013 06:26:17 | Computer Name = Markus-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.06.2013 09:42:07 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 11.06.2013 10:02:43 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16483, Zeitstempel 0x515df825, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x741a74b2, Prozess-ID 0x1540, Anwendungsstartzeit 01ce66abf4b15c66. Error - 11.06.2013 14:26:06 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 11.06.2013 16:35:20 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 12.06.2013 12:07:23 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 12.06.2013 16:59:47 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 12.06.2013 17:26:41 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WinMail.exe, Version 6.0.6001.18000, Zeitstempel 0x47918ed8, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x73c474b2, Prozess-ID 0x111c, Anwendungsstartzeit 01ce67afe0aaf125. 
Error - 12.06.2013 17:27:54 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16483, Zeitstempel 0x515df825, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x73c474b2, Prozess-ID 0x1718, Anwendungsstartzeit 01ce67b391920d95. [ Media Center Events ] Error - 17.04.2008 05:27:37 | Computer Name = Markus-Laptop | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 11.06.2013 16:35:17 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022 Description = Error - 11.06.2013 21:25:57 | Computer Name = Markus-Laptop | Source = DCOM | ID = 10010 Description = Error - 11.06.2013 21:26:04 | Computer Name = Markus-Laptop | Source = DCOM | ID = 10010 Description = Error - 12.06.2013 12:06:08 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 12.06.2013 12:06:08 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 12.06.2013 12:07:13 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022 Description = Error - 12.06.2013 12:11:22 | Computer Name = Markus-Laptop | Source = DCOM | ID = 10010 Description = Error - 12.06.2013 16:58:37 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 12.06.2013 16:58:37 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 12.06.2013 16:59:44 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022 Description = < End of report > |
13.06.2013, 00:00 | #18 |
/// TB-Ausbilder | GUV Trojan Hello,
now you have already installed a lot of adware again...
Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please start OTL.exe.
In your next reply, please post:
__________________ |
13.06.2013, 23:28 | #19 |
| GUV Trojan AdwCleaner logfile: Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 13/06/2013 um 23:35:23 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Markus Wester - MARKUS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Markus Wester\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\bProtector_extensions.rdf
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\58edd8be234e548
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Markus Wester\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3283 octets] - [13/06/2013 23:35:23]

########## EOF - C:\AdwCleaner[S1].txt - [3343 octets] ##########

OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2013 00:00:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,88% Memory free 4,21 Gb Paging File | 2,65 Gb Available in Paging File | 63,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,87 Gb Total Space | 43,43 Gb Free Space | 31,05% Space Free | Partition Type: NTFS Drive L: | 465,76 Gb Total Space | 394,34 Gb Free Space | 84,67% Space Free | Partition Type: NTFS Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 23:27:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.26 15:43:42 | 001,013,808 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VUAgent.exe PRC - [2013.03.26 15:16:14 | 001,083,440 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VAIOUpdt.exe PRC - [2012.08.10 12:46:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.13 16:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 16:11:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 16:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.08 19:22:38 | 002,807,808 | ---- | M] (DVBLogic) -- C:\Programme\DVBLogic\DVBLink\dvblink_server.exe PRC - [2011.12.06 17:47:56 | 000,058,368 | ---- | M] (DVBLogic) -- C:\Programme\DVBLogic\DVBLink\addons\connect_server\dvblink_mc_launcher.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 19:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.03.05 19:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 
PRC - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.11.05 09:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.11.03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.08.14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.10 02:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 02:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2007.06.10 02:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE PRC - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) 
-- C:\Windows\System32\Crypserv.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007.09.20 02:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\SUWARVUQPPSQ.exe -- (SUWARVUQPPSQ) SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\NFQRDNI.exe -- (NFQRDNI) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\KEDVYIK.exe -- (KEDVYIK) SRV - File not found [Auto | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\hpdj.exe -- (hpdj) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\BBDIRSECKXY.exe -- (BBDIRSECKXY) SRV - [2013.06.11 22:56:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.26 15:43:42 | 001,013,808 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - 
[2013.01.08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.13 16:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 16:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.08 19:22:38 | 002,807,808 | ---- | M] (DVBLogic) [Auto | Running] -- C:\Programme\DVBLogic\DVBLink\dvblink_server.exe -- (dvblink_server) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.27 08:54:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.09.16 14:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.03.05 19:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 19:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 19:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.11.03 17:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 16:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 16:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- 
(VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2000.06.29 10:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) 
[Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.02.22 07:32:08 | 000,134,144 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86) DRV - [2012.05.13 16:11:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 16:11:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.01.09 12:49:12 | 000,043,392 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2012.01.09 12:49:12 | 000,033,536 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2012.01.09 12:49:10 | 000,189,184 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 19:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.03.25 19:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.25 19:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.27 15:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.10.25 02:04:01 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.09.19 05:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.29 03:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 02:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 20:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2004.04.26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) DRV - [2000.02.03 21:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markus Wester\Desktop IE - 
HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6C15FAAF-7DB7-4EE8-B17F-63CF5C42A625}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..browser.startup.homepage: FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 16:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 10:46:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 10:46:58 | 000,000,000 | ---D | M] [2009.11.18 01:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Extensions [2013.06.13 23:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions [2010.05.28 23:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.01 19:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\MARKUS WESTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFTAC3SE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: Google O1 HOSTS File: ([2013.03.24 22:41:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DVBLink MediaCenter Launcher] C:\Programme\DVBLogic\DVBLink\addons\connect_server\dvblink_mc_launcher.exe (DVBLogic) O4 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A7AC6E-184D-420A-8521-26E50DFAB121}: DhcpNameServer = 192.168.34.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4165FF16-3A47-48F7-86CD-6157C9869565}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D1D401-7AA3-436F-9B49-DB8CA17F8349}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C3A7CB-3A38-4D63-8F7A-E6F11D6A7F10}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80BAF53-83DE-444E-84E2-497792622D88}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60701BC-F42B-4E2C-A980-50CFE908DF80}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB84E87D-78F5-49D9-9F10-F1E56A98C93F}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O24 - Desktop BackupWallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 23:27:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.06.12 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common 
Files\DVDVideoSoft [2013.06.11 15:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.11 15:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 15:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.05.26 10:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.26 10:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.05.26 10:33:45 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\Desktop\Neue Musik [2013.05.19 10:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\DVBLogic [2013.05.19 10:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBLink [2013.05.18 16:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\DVBLogic [2013.05.18 16:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [2013.05.18 16:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TerraTec [2013.05.18 16:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\TerraTec [2013.05.18 16:07:13 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Roaming\TerraTec [2013.05.18 16:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TerraTec ========== Files - Modified Within 30 Days ========== [2013.06.13 23:56:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.13 23:55:28 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 23:53:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 23:50:28 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 23:50:27 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 23:50:21 | 000,067,584 | --S- | 
M] () -- C:\Windows\bootstat.dat [2013.06.13 23:36:09 | 000,000,195 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.13 23:34:22 | 000,648,201 | ---- | M] () -- C:\Users\Markus Wester\Desktop\adwcleaner.exe [2013.06.12 23:27:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.06.12 02:58:31 | 006,354,023 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Macklemore - Can't Hold Us.mp3 [2013.06.12 02:58:02 | 006,102,621 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Passenger - Let Her Go.mp3 [2013.06.12 02:57:33 | 005,031,182 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Gossip - Move in the right direction.mp3 [2013.06.12 02:57:09 | 005,037,452 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain (2002).mp3 [2013.06.12 02:56:40 | 005,695,110 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain.mp3 [2013.06.12 02:56:00 | 005,713,919 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Whigfield - Saturday Night.mp3 [2013.06.12 02:55:09 | 005,513,298 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Dr. 
Alban - It's My Life.mp3 [2013.06.12 02:54:39 | 005,488,848 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Snap - Rhythm is a dancer.mp3 [2013.06.12 02:54:11 | 005,650,598 | ---- | M] () -- C:\Users\Markus Wester\Desktop\CHER - Believe (1998).mp3 [2013.06.12 02:53:38 | 004,717,086 | ---- | M] () -- C:\Users\Markus Wester\Desktop\SNAP - Rhythm Is A Dancer (2003 Remix).mp3 [2013.06.12 02:53:15 | 004,358,477 | ---- | M] () -- C:\Users\Markus Wester\Desktop\The Frank Popp Ensemble - Hip Teens (don't wear blue jeans).mp3 [2013.06.12 02:52:57 | 004,347,819 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Loona - Vamos A La Playa.mp3 [2013.06.12 02:52:35 | 005,206,098 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Loona - Bailando.mp3 [2013.06.12 02:52:06 | 005,097,011 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Seeed Augenbling.mp3 [2013.06.12 02:51:37 | 005,753,416 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Seeed - Dickes B.mp3 [2013.06.12 01:30:15 | 005,412,988 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Mischa Daniels & Tara McDonald - Beats For You.mp3 [2013.06.12 01:29:51 | 005,181,648 | ---- | M] () -- C:\Users\Markus Wester\Desktop\David Guetta ft. Akon & Ne-Yo - Play Hard.mp3 [2013.06.12 01:29:20 | 005,029,928 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Juli - elektrisches Gefühl.mp3 [2013.06.12 01:28:57 | 005,448,724 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Lykke Li - I Follow Rivers ( Lyrics).mp3 [2013.06.12 01:28:34 | 006,491,950 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Peter Maffay.......Uber Sieben Brucken Must Du Gehn.mp3 [2013.06.12 01:27:59 | 008,805,354 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Jive Bunny and the Mastermixers - Swing the Mood.mp3 [2013.06.12 01:27:09 | 006,130,206 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Christian Anders - Ruby 2010 (3select Rmx).mp3 [2013.06.12 01:26:39 | 005,352,175 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Remady ft. 
Manu-L & J-Son - Single Ladies (2012).mp3 [2013.06.11 21:39:52 | 002,079,917 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Foto.jpg [2013.06.11 15:57:07 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.26 22:30:07 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.26 22:30:07 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.26 22:30:07 | 000,150,694 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.26 22:30:07 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.25 17:56:35 | 000,098,206 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Adac.pdf [2013.05.25 17:54:26 | 000,037,280 | ---- | M] () -- C:\Users\Markus Wester\Desktop\__www.adac.de_kontakt_pannenhilfe_default.aspx_ComponentI.pdf [2013.05.21 21:26:28 | 000,004,204 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Übersicht Markus Wester 2013.pdf [2013.05.18 16:07:36 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.05.16 21:27:26 | 000,430,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.06.13 23:34:22 | 000,648,201 | ---- | C] () -- C:\Users\Markus Wester\Desktop\adwcleaner.exe [2013.06.12 02:58:03 | 006,354,023 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Macklemore - Can't Hold Us.mp3 [2013.06.12 02:57:33 | 006,102,621 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Passenger - Let Her Go.mp3 [2013.06.12 02:57:10 | 005,031,182 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Gossip - Move in the right direction.mp3 [2013.06.12 02:56:43 | 005,037,452 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. Vain (2002).mp3 [2013.06.12 02:56:07 | 005,695,110 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Culture Beat - Mr. 
Vain.mp3 [2013.06.12 02:55:26 | 005,713,919 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Whigfield - Saturday Night.mp3 [2013.06.12 02:54:40 | 005,513,298 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Dr. Alban - It's My Life.mp3 [2013.06.12 02:54:12 | 005,488,848 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Snap - Rhythm is a dancer.mp3 [2013.06.12 02:53:39 | 005,650,598 | ---- | C] () -- C:\Users\Markus Wester\Desktop\CHER - Believe (1998).mp3 [2013.06.12 02:53:16 | 004,717,086 | ---- | C] () -- C:\Users\Markus Wester\Desktop\SNAP - Rhythm Is A Dancer (2003 Remix).mp3 [2013.06.12 02:52:58 | 004,358,477 | ---- | C] () -- C:\Users\Markus Wester\Desktop\The Frank Popp Ensemble - Hip Teens (don't wear blue jeans).mp3 [2013.06.12 02:52:36 | 004,347,819 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Loona - Vamos A La Playa.mp3 [2013.06.12 02:52:11 | 005,206,098 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Loona - Bailando.mp3 [2013.06.12 02:51:39 | 005,097,011 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Seeed Augenbling.mp3 [2013.06.12 02:51:08 | 005,753,416 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Seeed - Dickes B.mp3 [2013.06.12 01:29:51 | 005,412,988 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Mischa Daniels & Tara McDonald - Beats For You.mp3 [2013.06.12 01:29:21 | 005,181,648 | ---- | C] () -- C:\Users\Markus Wester\Desktop\David Guetta ft. 
Akon & Ne-Yo - Play Hard.mp3 [2013.06.12 01:28:58 | 005,029,928 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Juli - elektrisches Gefühl.mp3 [2013.06.12 01:28:35 | 005,448,724 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Lykke Li - I Follow Rivers ( Lyrics).mp3 [2013.06.12 01:28:00 | 006,491,950 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Peter Maffay.......Uber Sieben Brucken Must Du Gehn.mp3 [2013.06.12 01:27:10 | 008,805,354 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Jive Bunny and the Mastermixers - Swing the Mood.mp3 [2013.06.12 01:26:42 | 006,130,206 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Christian Anders - Ruby 2010 (3select Rmx).mp3 [2013.06.12 01:26:12 | 005,352,175 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Remady ft. Manu-L & J-Son - Single Ladies (2012).mp3 [2013.06.11 22:21:52 | 000,000,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.06.11 21:39:59 | 002,079,917 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Foto.jpg [2013.06.11 15:57:07 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.25 17:56:35 | 000,098,206 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Adac.pdf [2013.05.25 17:54:23 | 000,037,280 | ---- | C] () -- C:\Users\Markus Wester\Desktop\__www.adac.de_kontakt_pannenhilfe_default.aspx_ComponentI.pdf [2013.05.18 16:07:36 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk [2013.02.19 21:24:01 | 000,009,190 | ---- | C] () -- C:\Windows\hpdj3500.ini [2011.08.02 11:48:43 | 000,004,096 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\keyfile3.drm [2011.07.05 16:40:35 | 000,027,872 | ---- | C] () -- C:\Users\Markus Wester\AppData\Roaming\UserTile.png [2011.03.10 20:43:59 | 000,102,983 | ---- | C] () -- C:\Users\Markus Wester\rechnung Februar.pdf [2010.02.04 23:07:05 | 000,019,801 | ---- | C] () -- C:\Users\Markus Wester\Muster.elfo [2009.12.25 22:21:50 | 000,000,056 | ---- | C] () -- 
C:\ProgramData\ezsidmv.dat [2009.01.20 18:55:08 | 000,000,098 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\eqwigqw.bat [2008.07.09 01:04:18 | 000,001,024 | ---- | C] () -- C:\Users\Markus Wester\.rnd [2008.06.08 17:30:56 | 000,000,100 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\qlvqa.bat [2008.04.13 13:30:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.23 15:39:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.19 16:47:17 | 000,177,152 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.19 16:47:17 | 000,006,324 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.31 13:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jasmina\AppData\Roaming\Vodafone [2011.11.26 11:42:21 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Avolites [2008.09.02 00:42:18 | 000,000,000 
| ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Azureus [2010.12.11 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Bytemobile [2008.03.26 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\CDBurnerXP_Soft [2008.04.01 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\DeepBurner [2013.06.12 00:40:18 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoft [2011.12.14 12:57:24 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\elsterformular [2012.02.10 00:34:03 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Epson [2009.09.05 19:33:55 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\GetRightToGo [2013.02.13 02:58:16 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\GoforFiles [2012.10.04 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\ICQ [2011.09.27 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Image Zone Express [2008.03.19 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\InterVideo [2008.05.06 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\iScreensaver [2009.09.25 01:27:15 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\OpenOffice.org [2010.01.07 23:37:13 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Opera [2010.10.23 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Printer Info Cache [2013.02.13 03:06:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Software Informer [2010.03.30 16:35:57 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\TeamViewer [2011.09.28 01:33:56 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\temp [2013.05.18 16:07:13 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\TerraTec [2010.12.12 15:54:28 
| 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone [2010.12.12 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone Mobile Broadband [2010.12.11 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone Mobile Connect ========== Purity Check ========== ========== Files - Unicode (All) ========== [2008.04.04 14:03:52 | 000,000,000 | ---D | M](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ [2008.04.04 14:03:52 | 000,000,000 | ---D | C](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:34E543D7 < End of report > |
14.06.2013, 12:32 | #20 |
/// TB-Ausbilder | GUV Trojaner Hi, what is the situation now? Unchanged?
__________________ cheers, Leo |
15.06.2013, 10:54 | #21 |
| GUV Trojaner So the "ddl could not be opened" message is gone. Only this window still opens, with this path to autoruns. |
18.06.2013, 00:11 | #22 |
/// TB-Ausbilder | GUV Trojaner Can you please take a screenshot of this window and paste it here?
__________________ cheers, Leo |
18.06.2013, 22:01 | #23 |
| GUV Trojaner [IMG][/IMG] |
18.06.2013, 22:17 | #24 |
/// TB-Ausbilder | GUV Trojaner Well, that is certainly harmless. But maybe we can find the cause: Download SystemLook (by jpshortstuff) and save the tool to the desktop.
__________________ cheers, Leo |
18.06.2013, 23:50 | #25 |
| GUV Trojaner
SystemLook 30.07.11 by jpshortstuff
Log created at 00:20 on 19/06/2013 by Markus Wester
Administrator - Elevation successful

========== filefind ==========

Searching for "*AutorunsDisabled*"
No files found.

Searching for "*Autoruns*"
No files found.

========== folderfind ==========

Searching for "*AutorunsDisabled*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled d------ [14:46 28/08/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled d------ [14:46 28/08/2012]

Searching for "*Autoruns*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled d------ [14:46 28/08/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled d------ [14:46 28/08/2012]

========== regfind ==========

Searching for "AutorunsDisabled"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_USERS\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

Searching for "Autoruns"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_CURRENT_USER\Software\Sysinternals\AutoRuns]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_USERS\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_USERS\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Sysinternals\AutoRuns]

-= EOF =- |
19.06.2013, 01:10 | #26 |
/// TB-Ausbilder | GUV Trojaner
Code:
:files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled" /s /c
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled" /s /c
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled" /s /c
__________________ cheers, Leo |
25.06.2013, 20:35 | #27 |
/// TB-Ausbilder | GUV Trojaner Hi, I haven't received a reply from you for quite a while. Do you still need help? If I don't hear from you within the next 24 hours, I will assume that the topic is resolved and remove it from my subscriptions.
__________________ cheers, Leo |
26.06.2013, 00:31 | #28 |
| GUV Trojaner
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.

< reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled" /s /c >
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled
    WindowsUpdateManager REG_SZ C:\Users\Public\winsvcn.exe
    Windows Control Manager REG_SZ C:\Users\Public\winvsn.exe
    MobileDocuments REG_SZ C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
C:\Users\Markus Wester\Desktop\cmd.bat deleted successfully.
C:\Users\Markus Wester\Desktop\cmd.txt deleted successfully.

< reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled\{71BFC818-0CED-42D6-9C87-5142918957EE}
    ButtonText REG_SZ ICQ7.1
    MenuText REG_SZ ICQ7.1
    Default Visible REG_SZ YES
    Exec REG_SZ C:\Program Files\ICQ7.1\ICQ.exe
    Icon REG_SZ ,1040
    HotIcon REG_SZ ,1040
    clsid REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
C:\Users\Markus Wester\Desktop\cmd.bat deleted successfully.
C:\Users\Markus Wester\Desktop\cmd.txt deleted successfully.

< reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled
    WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MobileBroadband REG_SZ C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    MarketingTools REG_SZ C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    ISBMgr.exe REG_SZ "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    APSDaemon REG_SZ "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Users\Markus Wester\Desktop\cmd.bat deleted successfully.
C:\Users\Markus Wester\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06262013_013113

Sorry, unfortunately I am working a lot. |
26.06.2013, 00:45 | #29 |
/// TB-Ausbilder | GUV Trojaner Does this Explorer window still open now when you start the computer?
__________________ cheers, Leo |
26.06.2013, 20:57 | #30 |
| GUV Trojaner Hello, no, it no longer opens. Thank you very much, you are simply the best. |