| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GUV TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.03.2013, 02:13
| #1 |
 |  GUV Trojaner Hallo, mich hat der GuV Trojaner auch erwischt auf einer Kinofilm seite. habe srep ausgeführt und da steht folgendes: WIN_VISTA X86 Service Pack 2 Running from L:\ HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ] . . . HKCU\..\Winlogon; Shell not found . [System Process] System smss.exe csrss.exe csrss.exe wininit.exe winlogon.exe services.exe lsass.exe lsm.exe svchost.exe svchost.exe svchost.exe svchost.exe svchost.exe svchost.exe svchost.exe cmd.exe srep.exe HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide HKLM\..\Run [Apoint] = C:\Program Files\Apoint\Apoint.exe HKLM\..\Run [IgfxTray] = C:\Windows\system32\igfxtray.exe HKLM\..\Run [HotKeysCmds] = C:\Windows\system32\hkcmd.exe HKLM\..\Run [Persistence] = C:\Windows\system32\igfxpers.exe HKLM\..\Run [avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min HKLM\..\Run [APSDaemon] = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" HKLM\..\Run [QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime HKLM\..\Run [iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe" HKCU\..\Run [NSUFloatingUI] = "C:\Program Files\Sony\Network Utility\LANUtil.exe" HKCU\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\.DEFAULT\..\Winlogon; Shell = HKU\S-1-5-19\..\Winlogon; Shell = HKU\S-1-5-20\..\Winlogon; Shell = HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Winlogon; Shell = explorer.exe,C:\Users\Markus Wester\AppData\Roaming\skype.dat HKU\S-1-5-21-1433685974-1778743318-4094590983-1003_Classes\..\Winlogon; Shell = HKU\S-1-5-18\..\Winlogon; Shell = HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Run [NSUFloatingUI] = "C:\Program Files\Sony\Network Utility\LANUtil.exe" HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Run [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun ==== FINISH 22.03-02.03 ==== wie muss ich jetzt weiter vorgehen das ich meinen Rechner wieder nutzen kann. Gruß Markus |
|
22.03.2013, 03:56
| #2 |
| /// TB-Ausbilder   | GUV Trojaner Hallo Markus,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Markus Wester\AppData\Roaming\skype.dat
C:\Users\Markus Wester\AppData\Roaming\skype.ini
Starte deinen Rechner bitte erneut in den Abgesicherten Modus mit Eingabeaufforderung. Schließe deinen USB Stick erneut an den Infizierten Rechner. Bitte nutze den selben USB Steckplatz wie beim Scan
Schau dann bitte, ob du nun wieder auf den Infizierten Rechner zugreifen kannst, und teile mir das mit.
__________________ |
|
22.03.2013, 21:42
| #3 |
| | GUV Trojaner also schonmal vielen dank aharonov kann jetzt mein Rechner wieder zugreifen.
__________________Gehe ich jetzt richtig in der Annahme am besten Skype mal komplett zu deinstallieren? weil der Trojaner ist ja immer noch auf meinen Rechner. Gruß Markus |
|
22.03.2013, 21:48
| #4 | |
| /// TB-Ausbilder | GUV Trojaner Hallo Markus, Zitat:
Aber jetzt, wo du wieder zugreifen kannst, sollten wir noch einen Blick in dein System werfen, ob da sonst noch etwas ist: Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
24.03.2013, 20:54
| #5 |
| | GUV Trojaner hi, also ein problem habe ich noch wenn ich den Rechner hochfahre erscheint immer ein Fenster mit dem Text "DLL not found" und in der Taskleiste steht keine Name dazu nur ein Symbol mit nem orangen Kreis und direkt nen Grünen Kreis drüber. Defogger lief durch und OTL auch. Bei GMER beendet Windows das Programm immer beim Scannen mit dem Text GMER funkioniert nicht mehr. Hier die Textdatei zu OTL:OTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2013 20:36:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,71% Memory free
4,22 Gb Paging File | 2,77 Gb Available in Paging File | 65,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,87 Gb Total Space | 46,30 Gb Free Space | 33,10% Space Free | Partition Type: NTFS
Drive L: | 465,76 Gb Total Space | 397,20 Gb Free Space | 85,28% Space Free | Partition Type: NTFS
Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1433685974-1778743318-4094590983-1003]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026B206A-6842-4F45-9D77-A45078D57253}" = lport=139 | protocol=6 | dir=in | app=system |
"{0B38DD35-5CE8-4D35-B212-F2AA038A0EEB}" = lport=445 | protocol=6 | dir=in | app=system |
"{149080F8-8571-4D97-B967-ADAAB5E1A887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DBCE52E-EFCC-406E-A208-8EDB90EDAC74}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26D06637-6C0C-4F22-B6F5-D5F9DB04CBC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48701019-B2D1-477D-B88D-FFB1847DEE3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{51B0EFA8-6726-456E-90E2-093EFF71DDCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5A453BA7-1497-43BC-ADA0-6E5D1C3922A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5EC7440D-0D30-45A1-85C8-844CD0131236}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F680300-7CD9-47E0-A7BA-FE4E48E2AB42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6429B0EB-01F6-4543-8C9F-2FA7DF18348C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{74B9183B-582B-4F5C-9F67-E61037585D85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D58D6EA-E636-4CD7-9FD4-FE28023D3D07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D74F7F6-F7D4-4CA7-819E-EA71266DA5A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A695735-0D50-4077-B01D-AF8561BA7DA7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9254CEFE-CB6E-4065-847E-6BA20E457DCA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9C0AF538-F6EA-4911-B0F0-1DE0CE576E66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B75F515B-D18C-4D2E-8EDE-20262A071699}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C2B42F54-9CDE-4AA6-960D-A5CC33D654A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC90B71-F158-48A2-9316-0087D15A2D85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE9DE1BE-6C61-4120-AC1B-D28C4E6F1A35}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D05AED4D-F344-4C51-A8BD-046D22DA3DD0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F86EFFC0-3352-4187-ACD6-EC98879363D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F9B4D9D4-AA65-41F1-8C83-8E41D2E2EA69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB945A36-67F1-4C89-8DC5-7FBF40901DE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF704A58-A475-46DB-A9F2-2E749AFE4191}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A32D70-C67A-4397-8497-39DEFF74F080}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{090BA670-1140-4A65-A75A-D99B2156D7ED}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0A9D9C92-7416-4B33-8F3A-8A807E9F96E9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{17E75FB7-EC47-48B4-83CF-26C09EC70F24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E3D166D-4AB3-4F36-81FD-9025671DFD5D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2A9B24BD-FBB1-467B-854A-C6AE906FCE40}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{332991E1-CD45-4FD8-A666-923997D18CC8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34B5A2B6-B782-4ECF-A952-B96A5AEF6FEA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3593415B-D914-4772-A603-38ED8BEA3D1C}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{3648342A-44CC-475E-81E0-4065ACE36F79}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3BF3D01E-B7C7-4A71-A3B5-4A7C018A9705}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4217B96D-811C-411E-926F-4CC97B4F4539}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{4D7D0E81-F020-4323-BC06-804EAFDBC138}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{4ECA886B-72C4-4DBF-932E-04EB6EC91F5D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{4F7529D1-F213-43D6-BD0D-57A7830D78B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6062DA68-698B-4F7C-94FF-9F7519264A8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{620BF46F-0882-453C-A745-373A4F2BDA79}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{62DF44A8-7BF6-4E7A-8CAD-95ADDE719404}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{68F5756E-BD17-45B7-A775-6EB25510E7CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6DBE3175-89AD-4EC6-9A16-658442CD642C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6ED2A89B-72EA-4F7C-9AA8-8E8CFF22B714}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{782EF26E-C58B-461D-AE0B-5858FF034009}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7AFAF51B-1983-4FEC-89E5-3F6BA77FEDE4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{83F3A636-DC5F-4213-A120-8250B165C0CF}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{901CD394-35BA-4048-AEF3-AC5C4FA4D902}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{91AB3583-7B7F-4A9D-8F82-823EF44E6E61}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9F8AEDFB-AA1A-45B3-9171-22DFD9EE69F5}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{A93EBF65-1DA2-42AA-927D-AF8E36D560BD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9461152-E198-4509-B4A6-D492FF6D8663}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ACABD999-BF8A-4078-812F-2E181A4C903B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AFAF9CAC-F6DD-4C4E-8C63-9D2E13B52A37}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B073A4B6-088B-4075-A5F4-114BA71E3C7D}" = protocol=6 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe |
"{B0A54EE6-044B-483A-A837-475A368A4D24}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{B1B11981-7035-4AF3-AFDB-1C6E7161EADA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B2BD0CE2-A2F0-403D-91A5-750B6F181997}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{B3521047-1C38-4DA9-BC7C-70D1E7D014FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5FF9984-77F8-4E99-B9EF-83A970366FF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BC66C1CB-F089-4B20-BAAC-E31500A23014}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BF79A2C9-1A81-4708-AF35-5C7969EF3C8B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BF9BFDF9-F8A1-4AE7-85BA-769EF81BA4C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C75B7CFE-9BC5-4C3F-8154-35A4353174F6}" = protocol=17 | dir=in | app=f:\network\epsonnetsetup\eneasyapp.exe |
"{CFC81ED6-EC7E-4A1B-96E7-95BD2912D772}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D535F660-58AB-4546-9B4C-D93F0439C27F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DEA4337B-74E8-4F77-A98E-98690885883C}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{E0605177-0B64-48D9-8E28-38997062AA84}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{E0BE19B2-A1E0-4472-B353-1160537C2745}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E12F1301-542D-4288-B683-C35EB81BE3E4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E214BD0F-9390-4271-8928-2537151E0129}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E975B2B2-349D-4010-BEEC-0CCAFF920DF6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{ED7A003F-6E65-483E-A032-BBD3EDB5969D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F75DEBA6-5A43-40EC-B262-315A763684EB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{10274428-2F70-4101-ADF4-346D1BCC844C}G:\half-life\hl.exe" = protocol=6 | dir=in | app=g:\half-life\hl.exe |
"TCP Query User{113ECB03-E215-4704-95EB-97F9C2DF41BB}G:\spiele\worms2\frontend.exe" = protocol=6 | dir=in | app=g:\spiele\worms2\frontend.exe |
"TCP Query User{214B6FF2-0FED-47CA-90F1-084454FB355B}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=6 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe |
"TCP Query User{3342E648-875D-4641-9315-2787AA18946C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{437AB3B8-4E4E-4428-A41F-8E4DE1819968}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{479CB086-11D5-41D4-9FD4-932ECED64789}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=6 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe |
"TCP Query User{47C7B76B-8EB0-42F8-8615-15EB926E6191}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{4BA301AA-DA38-4AD5-AD1A-34F356B3B11F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5A33CB0B-EACB-42B7-9CF5-06B6A1CC2808}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6E7EBC32-C59B-437B-AEDC-6F2FB5446D2A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{7AEFAA0F-0F66-4410-892A-649F88DC0D03}I:\programme\grandma\grandma onpc 6.614\gmaonpc.exe" = protocol=6 | dir=in | app=i:\programme\grandma\grandma onpc 6.614\gmaonpc.exe |
"TCP Query User{81FC47D1-4996-43E8-B9CA-0439F7DCADBC}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=6 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe |
"TCP Query User{886943B3-3EE4-4887-A75E-A91CEFC90A36}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9184AD2E-B227-4418-BD5A-0582D8577A8F}C:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe |
"TCP Query User{B2D1E011-677B-4726-B41D-727C698E8E07}G:\spiele\worms 4 mayhem.exe" = protocol=6 | dir=in | app=g:\spiele\worms 4 mayhem.exe |
"TCP Query User{C1AEBF23-5056-4663-8B03-71F3EB6B018E}I:\programme\grandma\grandma onpc 6.603\gmaonpc.exe" = protocol=6 | dir=in | app=i:\programme\grandma\grandma onpc 6.603\gmaonpc.exe |
"TCP Query User{CBFC9F37-0D2F-4633-818F-281D3D6A605D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{D705B722-3719-427B-BA2B-A25E541054AC}L:\feuerwehr\fms32 pro\fms32prodemo.exe" = protocol=6 | dir=in | app=l:\feuerwehr\fms32 pro\fms32prodemo.exe |
"TCP Query User{D7866476-7B0D-42A2-8F6C-C284A31427E9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{EA88919B-8B41-4398-9E0D-4AA529A4E813}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F1A3F115-37BF-4405-88B5-D184B7173A02}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{F6E787C8-160B-4508-AB64-504A7F558E08}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=6 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe |
"UDP Query User{115502F9-14F3-4C8A-9474-0C4F3D4D34C2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{1C178151-1F83-4BFB-BD79-7333BFE5E057}G:\half-life\hl.exe" = protocol=17 | dir=in | app=g:\half-life\hl.exe |
"UDP Query User{2A2EFC48-D1DB-45BC-AE1D-70A784DF6D18}L:\feuerwehr\fms32 pro\fms32prodemo.exe" = protocol=17 | dir=in | app=l:\feuerwehr\fms32 pro\fms32prodemo.exe |
"UDP Query User{3E77D89F-7C88-4698-8A83-55134F8066FA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{42B1F589-A53A-42B4-AB07-FD00159BA752}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=17 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe |
"UDP Query User{4D38898A-6049-44BB-9456-D9AD8B59618F}C:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe" = protocol=17 | dir=in | app=c:\program files\dolby\dolby lake controller v4.2.1\dolby lake controller.exe |
"UDP Query User{53E3AF45-D96B-4BA4-ADE8-4FB099BBF246}C:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\markus wester\appdata\local\temp\onlineupdate8\setupxu.exe |
"UDP Query User{6579262E-69AF-42B5-9197-94516E1E2F42}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=17 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe |
"UDP Query User{7C7EFD3F-6CA3-4968-B65C-EEB7D5B6AB81}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{8E7CCE44-F548-418F-BE78-BF506AE94CCD}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{A09D2C30-3C0F-4DBA-AD49-26DBD85BD0A5}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{A998F9D3-52E6-4C17-9C1B-C6F51FBA8698}I:\programme\grandma\grandma onpc 6.603\gmaonpc.exe" = protocol=17 | dir=in | app=i:\programme\grandma\grandma onpc 6.603\gmaonpc.exe |
"UDP Query User{AAD7BB0E-BD1E-4B45-9F80-7F4EAE273AA9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AE0E6BC6-C02F-4C62-A9F6-0BD235D51999}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{AEDFB1D7-1525-4818-8147-8AFB76D3AF91}C:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe" = protocol=17 | dir=in | app=c:\program files\ma lighting technologies\grandma\grandma2 onpc 2.2.0.13\gma2onpc.exe |
"UDP Query User{B864A5C6-AD09-456F-B4CE-337C19FAAC29}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{B9D4F562-B68F-4DCD-91A4-ADDA904112D8}G:\spiele\worms 4 mayhem.exe" = protocol=17 | dir=in | app=g:\spiele\worms 4 mayhem.exe |
"UDP Query User{BE60FB70-9BAA-4C6A-A8D4-368D9EE5C9BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D437332E-D60E-4354-9322-FE46DC8AB6FD}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{DB222749-3A9F-4562-A789-57AD9F348A44}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{E3E97E1F-141E-4125-B81B-9753372D383D}G:\spiele\worms2\frontend.exe" = protocol=17 | dir=in | app=g:\spiele\worms2\frontend.exe |
"UDP Query User{EBCA8294-A50A-45A4-8A3D-1674E196197E}I:\programme\grandma\grandma onpc 6.614\gmaonpc.exe" = protocol=17 | dir=in | app=i:\programme\grandma\grandma onpc 6.614\gmaonpc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96296507-058A-4BFA-A042-998487514AC9}" = VAIO Entertainment Platform
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{dc57c3f1-257a-42c0-9300-8fa645304f88}_is1" = Funkspiel Rettlingen
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"delta" = Delta toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Dolby Lake Controller CProgram FilesDolbyDolby Lake Controller v4.2.1" = Dolby Lake Controller v4.2.1 Build 663
"dt icon module" =
"ElsterFormular 12.4.0.7094u" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"EPSON SX235 Series Netg" = Netzwerkhandbuch EPSON SX235 Series
"EPSON SX235 Series Useg" = Benutzerhandbuch EPSON SX235 Series
"FBrowsingAdvisor_is1" = FBrowsingAdvisor
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"grandMA onPC 6.603" = grandMA onPC 6.603
"grandMA onPC 6.614" = grandMA onPC 6.614
"grandMA2 onPC 2.2.0.13" = grandMA2 onPC 2.2.0.13
"gtfirstboot Setting Request" =
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KF730Wiz" = KF730Wiz
"MarketingTools" = Vaio Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo
"Picasa 3" = Picasa 3
"qlvqa" = Favorit
"ST6UNST #1" = FMS32-PRO - Demoversion
"Stardraw Professional" = Stardraw Professional
"SurfingSoftware" = SurfingSoftware
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO_My Club VAIO" = My Club VAIO
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.03.2013 16:32:07 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung notepad.exe, Version 6.0.6001.18000, Zeitstempel
0x47918ea2, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x73a174b2, Prozess-ID 0x10a4,
Anwendungsstartzeit 01ce273ba8b6f7d8.
Error - 22.03.2013 16:36:13 | Computer Name = Markus-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 22.03.2013 16:39:12 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 22.03.2013 17:04:10 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung otir98yb.exe, Version 2.1.19155.0, Zeitstempel
0x51349f87, fehlerhaftes Modul otir98yb.exe, Version 2.1.19155.0, Zeitstempel 0x51349f87,
Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x874, Anwendungsstartzeit
01ce27404a39ff3e.
Error - 22.03.2013 17:07:19 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung otir98yb.exe, Version 2.1.19155.0, Zeitstempel
0x51349f87, fehlerhaftes Modul otir98yb.exe, Version 2.1.19155.0, Zeitstempel 0x51349f87,
Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x494, Anwendungsstartzeit
01ce2740d7fb558e.
Error - 22.03.2013 17:11:16 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 22.03.2013 17:15:23 | Computer Name = Markus-Laptop | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung otir98yb.exe, Version 2.1.19155.0, Zeitstempel
0x51349f87, fehlerhaftes Modul otir98yb.exe, Version 2.1.19155.0, Zeitstempel 0x51349f87,
Ausnahmecode 0xc0000005, Fehleroffset 0x00012288, Prozess-ID 0x16b8, Anwendungsstartzeit
01ce2741f3ee30dd.
Error - 22.03.2013 17:31:34 | Computer Name = Markus-Laptop | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 10a4 Anfangszeit: 01ce2742c4aa226d Zeitpunkt der Beendigung:
0
Error - 23.03.2013 12:54:51 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 24.03.2013 15:11:59 | Computer Name = Markus-Laptop | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
[ Media Center Events ]
Error - 17.04.2008 05:27:37 | Computer Name = Markus-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ System Events ]
Error - 22.03.2013 17:10:40 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 22.03.2013 17:11:01 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 22.03.2013 17:32:17 | Computer Name = Markus-Laptop | Source = DCOM | ID = 10010
Description =
Error - 23.03.2013 12:54:04 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 23.03.2013 12:54:04 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 23.03.2013 12:54:44 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 23.03.2013 13:17:24 | Computer Name = Markus-Laptop | Source = DCOM | ID = 10010
Description =
Error - 24.03.2013 15:11:25 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 24.03.2013 15:11:25 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 24.03.2013 15:11:56 | Computer Name = Markus-Laptop | Source = Service Control Manager | ID = 7022
Description =
< End of report >
--- --- ---OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2013 20:36:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,71% Memory free 4,22 Gb Paging File | 2,77 Gb Available in Paging File | 65,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,87 Gb Total Space | 46,30 Gb Free Space | 33,10% Space Free | Partition Type: NTFS Drive L: | 465,76 Gb Total Space | 397,20 Gb Free Space | 85,28% Space Free | Partition Type: NTFS Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.22 22:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe PRC - [2013.03.12 21:57:11 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe PRC - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012.10.26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VAIOUpdt.exe PRC - [2012.10.26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VUAgent.exe PRC - [2012.08.10 11:46:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.13 15:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 15:11:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 15:11:16 | 000,110,032 | ---- | M] (Avira OperAations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 18:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.03.05 18:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.03.05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.11.05 08:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.19 08:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.08.14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE PRC - [2000.06.29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe ========== Modules (No Company Name) ========== MOD - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.01.16 17:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.09.20 01:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\SUWARVUQPPSQ.exe -- (SUWARVUQPPSQ) SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\NFQRDNI.exe -- (NFQRDNI) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\KEDVYIK.exe -- (KEDVYIK) SRV - File not found [Auto | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\hpdj.exe -- (hpdj) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\BBDIRSECKXY.exe -- (BBDIRSECKXY) SRV - [2013.03.12 22:57:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.16 17:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.01.08 12:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.05.13 15:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 15:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.27 07:54:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 18:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.03.05 18:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 18:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 18:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2000.06.29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.13 15:11:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 15:11:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 18:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.03.25 18:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.25 18:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008.06.18 16:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.10.25 01:04:01 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2004.04.26 22:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) DRV - [2000.02.03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\SearchScopes,DefaultScope = {B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F} IE - HKLM\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markus Wester\Desktop IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=383bf899000000000000001cbf5c17d1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6C15FAAF-7DB7-4EE8-B17F-63CF5C42A625}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119293&babsrc=HP_ss&mntrId=383bf899000000000000001cbf5c17d1" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 15:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.20 12:14:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 12:14:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.13 01:58:43 | 000,000,000 | ---D | M] [2009.11.18 00:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Extensions [2013.02.13 01:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions [2010.05.28 22:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.25 01:32:56 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.12.20 14:40:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.02.13 01:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\ffxtlbr@babylon.com [2013.02.13 01:58:36 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\ffxtlbr@delta.com [2013.02.13 01:58:39 | 000,001,294 | ---- | M] () -- C:\Users\Markus Wester\AppData\Roaming\mozilla\firefox\profiles\iftac3se.default\searchplugins\delta.xml [2012.04.16 22:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.13 20:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 00:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.13 16:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 01:35:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.13 00:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012.04.16 22:42:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.16 22:41:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.19 14:40:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.13 01:58:27 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.10.19 14:40:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.19 14:40:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.19 14:40:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.19 14:40:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - Extension: No name found = C:\Users\Markus Wester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A7AC6E-184D-420A-8521-26E50DFAB121}: DhcpNameServer = 192.168.34.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4165FF16-3A47-48F7-86CD-6157C9869565}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D1D401-7AA3-436F-9B49-DB8CA17F8349}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C3A7CB-3A38-4D63-8F7A-E6F11D6A7F10}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80BAF53-83DE-444E-84E2-497792622D88}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60701BC-F42B-4E2C-A980-50CFE908DF80}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB84E87D-78F5-49D9-9F10-F1E56A98C93F}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003 Winlogon: Shell - (C:\Users\Markus Wester\AppData\Roaming\skype.dat) - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O24 - Desktop BackupWallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.09.15 12:12:14 | 000,000,080 | -H-- | M] () - L:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{16ddee3e-0434-11e0-b602-001a80270f0d}\Shell - "" = AutoRun O33 - MountPoints2\{16ddee3e-0434-11e0-b602-001a80270f0d}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{16ddee41-0434-11e0-b602-001a80270f0d}\Shell - "" = AutoRun O33 - MountPoints2\{16ddee41-0434-11e0-b602-001a80270f0d}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{16ddee52-0434-11e0-b602-001e101f1f81}\Shell - "" = AutoRun O33 - MountPoints2\{16ddee52-0434-11e0-b602-001e101f1f81}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{2ce70774-88df-11de-9833-001a80270f0d}\Shell - "" = AutoRun O33 - MountPoints2\{2ce70774-88df-11de-9833-001a80270f0d}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{3ec3ed04-2df4-11e0-86d7-001e101ff8c4}\Shell - "" = AutoRun O33 - MountPoints2\{3ec3ed04-2df4-11e0-86d7-001e101ff8c4}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{65e8b903-ae6d-11de-aed2-001cbf5c17d1}\Shell - "" = AutoRun O33 - MountPoints2\{65e8b903-ae6d-11de-aed2-001cbf5c17d1}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{65e8b927-ae6d-11de-aed2-001cbf5c17d1}\Shell - "" = AutoRun O33 - MountPoints2\{65e8b927-ae6d-11de-aed2-001cbf5c17d1}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{774cf515-53d9-11df-ad6c-001a80270f0d}\Shell - "" = AutoRun O33 - MountPoints2\{774cf515-53d9-11df-ad6c-001a80270f0d}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{8d737d90-05eb-11e0-9a02-001e101f4e71}\Shell - "" = AutoRun O33 - MountPoints2\{8d737d90-05eb-11e0-9a02-001e101f4e71}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a909c4d1-7a01-11e0-8203-001e101fb681}\Shell - "" = AutoRun O33 - MountPoints2\{a909c4d1-7a01-11e0-8203-001e101fb681}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d39f9e00-03dc-11e0-9d4f-001a80270f0d}\Shell - "" = AutoRun O33 - MountPoints2\{d39f9e00-03dc-11e0-9d4f-001a80270f0d}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{effa4ad1-02bb-11e0-a8a9-001cbf5c17d1}\Shell - "" = AutoRun O33 - MountPoints2\{effa4ad1-02bb-11e0-a8a9-001cbf5c17d1}\Shell\AutoRun\command - "" = L:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun\Autorun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.22 22:18:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.03.22 21:59:48 | 000,103,680 | ---- | C] (GMER) -- C:\uxliakog.sys [2013.03.22 02:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.22 00:51:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2013.03.22 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2013.03.13 23:27:50 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Local\Swissphone_Telecom_AG [2013.03.12 21:56:50 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.03.11 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Local\Apps [2013.02.24 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.24 21:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.24 21:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 20:10:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 20:10:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 20:10:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 20:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.23 17:56:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.22 22:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.03.22 21:59:48 | 000,103,680 | ---- | M] (GMER) -- C:\uxliakog.sys [2013.03.22 21:56:43 | 000,377,856 | ---- | M] () -- C:\Users\Markus Wester\Desktop\otir98yb.exe [2013.03.22 21:54:52 | 000,000,000 | ---- | M] () -- C:\Users\Markus Wester\defogger_reenable [2013.03.22 21:54:41 | 000,050,477 | ---- | M] () -- C:\Users\Markus Wester\Desktop\Defogger.exe [2013.03.22 21:50:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.22 02:12:04 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.12 22:56:59 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.12 22:56:59 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.12 22:56:41 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013.02.24 21:46:12 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 21:56:43 | 000,377,856 | ---- | C] () -- C:\Users\Markus Wester\Desktop\otir98yb.exe [2013.03.22 21:54:52 | 000,000,000 | ---- | C] () -- C:\Users\Markus Wester\defogger_reenable [2013.03.22 21:54:30 | 000,050,477 | ---- | C] () -- C:\Users\Markus Wester\Desktop\Defogger.exe [2013.02.24 21:46:12 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.19 20:24:01 | 000,009,190 | ---- | C] () -- C:\Windows\hpdj3500.ini [2011.08.02 10:48:43 | 000,004,096 | -H-- | C] () -- C:\Users\Markus Wester\AppData\Local\keyfile3.drm [2011.07.05 15:40:35 | 000,027,872 | ---- | C] () -- C:\Users\Markus Wester\AppData\Roaming\UserTile.png [2011.03.10 19:43:59 | 000,102,983 | ---- | C] () -- C:\Users\Markus Wester\rechnung Februar.pdf [2010.02.04 22:07:05 | 000,019,801 | ---- | C] () -- C:\Users\Markus Wester\Muster.elfo [2009.12.25 21:21:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.21 05:54:46 | 000,283,070 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\sskiyao_nav.dat [2009.02.21 05:54:46 | 000,003,242 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\sskiyao.dat [2009.02.21 05:54:46 | 000,001,139 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\sskiyao_navps.dat [2009.01.20 17:55:08 | 000,000,098 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\eqwigqw.bat [2008.07.09 00:04:18 | 000,001,024 | ---- | C] () -- C:\Users\Markus Wester\.rnd [2008.06.08 16:30:56 | 000,000,100 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\qlvqa.bat [2008.04.13 12:30:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.23 14:39:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.19 15:47:17 | 000,174,080 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.19 15:47:17 | 000,006,324 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2008.04.04 13:03:52 | 000,000,000 | ---D | M](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ [2008.04.04 13:03:52 | 000,000,000 | ---D | C](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C980DA7D < End of report > |
|
24.03.2013, 21:01
| #6 | |
| /// TB-Ausbilder | GUV Trojaner Hi, dann so weiter: Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> GUV Trojaner |
|
24.03.2013, 22:10
| #7 |
| | GUV Trojaner okay alles gemacht und der rechner läuft schon viel besser. hier die txt dateienAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 24/03/2013 um 21:06:52 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Markus Wester - MARKUS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Markus Wester\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : BrowserProtect
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Jasmina\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Markus Wester\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Markus Wester\AppData\Local\sskiyao.dat
Datei Gelöscht : C:\Users\Markus Wester\AppData\Local\sskiyao_nav.dat
Datei Gelöscht : C:\Users\Markus Wester\AppData\Local\sskiyao_navps.dat
Datei Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\searchplugins\delta.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files\Delta
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Jasmina\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Markus Wester\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\Conduit
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\CT2269050
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Markus Wester\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\58edd8be234e548
Schlüssel Gelöscht : HKCU\Software\76405935086281163742407160462399
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\MediaHoldings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\PlayMP3
Schlüssel Gelöscht : HKLM\SOFTWARE\58edd8be234e548
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v3.6.13 (de)
Datei : C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\prefs.js
C:\Users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119293&babsrc=NT_ss&mntrId=383bf[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119293&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Sep 05 2011 00:30:53 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Sep 05 2011 00:30:53 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{af36fad1-32dc-43f5-973c-fe940a9ddcb5}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 05 2011 00:30:55 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "5-9-2011");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon Sep 05 2011 01:23:28 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "25-8-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Aug 25 2010 02:28:34 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 05 2011 00:30:57 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Wed Aug 25 2010 02:28:35 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Mon Sep 05 2011 00:30:57 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.6.0.10");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 05 2011 00:30:57 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 05 2011 00:30:53 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Sep 05 2011 00:30:53 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1292878116");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Sep 05 2011 00:30:53 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.UserID", "UN78356720864087467");
Gelöscht : user_pref("CT2269050.ValidationData_Search", 0);
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Sep 05 2011 01:23:29 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "383bf899000000000000001cbf5c17d1");
Gelöscht : user_pref("extensions.delta.instlDay", "15749");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.01:58:37");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Markus Wester\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [17488 octets] - [24/03/2013 21:06:52]
########## EOF - C:\AdwCleaner[S1].txt - [17549 octets] ##########
Combofix Logfile: Code:
ATTFilter ComboFix 13-03-24.03 - Markus Wester 24.03.2013 21:30:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.826 [GMT 1:00]
ausgeführt von:: c:\users\Markus Wester\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Antivirus 2009
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\Windows Service
c:\program files\Windows Service\WCDMAISOUpdate\function.cfg
c:\program files\Windows Service\WCDMAISOUpdate\ResetUSB.dll
c:\program files\Windows Service\WCDMAISOUpdate\ZTEDrvSetup.EXE
c:\program files\Windows Service\WCDMAISOUpdate\ZTEMODEM.ISO
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
L:\autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-24 bis 2013-03-24 ))))))))))))))))))))))))))))))
.
.
2013-03-24 20:07 . 2013-03-24 20:07 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-23 17:14 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351324C3-8473-4C07-B59F-3D71806FA8D1}\mpengine.dll
2013-03-22 20:59 . 2013-03-22 20:59 103680 ----a-w- C:\uxliakog.sys
2013-03-21 23:59 . 2013-03-21 23:59 -------- d-----w- c:\users\Jasmina\AppData\Roaming\Avira
2013-03-21 23:51 . 2013-03-21 23:51 -------- d-----w- c:\windows\system32\Extensions
2013-03-21 23:51 . 2013-03-21 23:51 -------- d-----w- c:\windows\system32\searchplugins
2013-03-13 22:27 . 2013-03-13 22:27 -------- d-----w- c:\users\Markus Wester\AppData\Local\Swissphone_Telecom_AG
2013-03-12 20:56 . 2013-03-12 21:56 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-11 11:11 . 2013-03-11 11:11 -------- d-----w- c:\users\Markus Wester\AppData\Local\Apps
2013-02-24 20:44 . 2013-02-24 20:44 -------- d-----w- c:\program files\iPod
2013-02-24 20:44 . 2013-02-24 20:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 21:56 . 2012-04-16 20:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 21:56 . 2011-05-30 09:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-13 00:14 . 2013-02-13 00:14 253952 ------w- c:\windows\Setup1.exe
2013-02-13 00:14 . 2013-02-13 00:14 74752 ----a-w- c:\windows\ST6UNST.EXE
2013-01-17 00:28 . 2009-10-03 07:33 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 22:11 . 2013-02-13 21:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03 . 2013-02-13 21:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03 . 2013-02-13 21:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59 . 2013-02-13 21:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58 . 2013-02-13 21:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56 . 2013-02-13 21:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:26 . 2013-02-13 21:24 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:26 . 2013-02-13 21:24 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 11:28 . 2013-02-13 21:26 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-13 21:26 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-12-27 22:05 . 2012-12-27 22:07 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-12-27 22:05 . 2012-12-27 22:07 81408 ----a-w- c:\windows\system32\E_FD4BHLE.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-05 262144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1433685974-1778743318-4094590983-1003]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:57]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:58]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:58]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{CA67C86C-6A24-486F-A3DA-C3B0FAFA1DEC}.job
- c:\windows\system32\msfeedssync.exe [2011-05-01 17:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Markus Wester\AppData\Roaming\Mozilla\Firefox\Profiles\iftac3se.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe
AddRemove-grandMA onPC 6.614 - i:\programme\grandMA\grandMA onPC 6.614\uninst.exe
AddRemove-Stardraw Professional - c:\windows\IsUn0407.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-24 21:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-24 21:52:14
ComboFix-quarantined-files.txt 2013-03-24 20:52
.
Vor Suchlauf: 14 Verzeichnis(se), 49.276.792.832 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 49.444.995.072 Bytes frei
.
- - End Of File - - 1B07227AB50A1D2D9011A800B5CCBCBAOTL Logfile:
Code:
ATTFilter OTL logfile created on: 24.03.2013 21:52:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus Wester\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,72% Memory free 4,22 Gb Paging File | 2,88 Gb Available in Paging File | 68,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,87 Gb Total Space | 46,11 Gb Free Space | 32,97% Space Free | Partition Type: NTFS Drive L: | 465,76 Gb Total Space | 397,20 Gb Free Space | 85,28% Space Free | Partition Type: NTFS Computer Name: MARKUS-LAPTOP | User Name: Markus Wester | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.22 22:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe PRC - [2012.10.26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VAIOUpdt.exe PRC - [2012.10.26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update\VUAgent.exe PRC - [2012.08.10 11:46:17 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.13 15:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.13 15:11:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.13 15:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 18:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.03.05 18:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.03.05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.11.05 08:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2007.08.14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.06.10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE PRC - [2000.06.29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007.09.20 01:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\SUWARVUQPPSQ.exe -- (SUWARVUQPPSQ) SRV - File not found [Disabled | Stopped] -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\NFQRDNI.exe -- (NFQRDNI) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\KEDVYIK.exe -- (KEDVYIK) SRV - File not found [Auto | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\hpdj.exe -- (hpdj) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - File not found [On_Demand | Stopped] -- C:\Users\MARKUS~1\AppData\Local\Temp\BBDIRSECKXY.exe -- (BBDIRSECKXY) SRV - [2013.03.12 22:57:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 12:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.05.13 15:11:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 15:11:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.27 07:54:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2009.09.08 18:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.03.05 18:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.03.05 18:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.03.05 18:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.03.05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.11.03 16:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2000.06.29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\MARKUS~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.13 15:11:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 15:11:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.25 18:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.03.25 18:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.25 18:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.27 14:15:04 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008.06.18 16:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2007.10.25 01:04:01 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2004.04.26 22:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) DRV - [2000.02.03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\@1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKU\@1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\@1\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes] IE - HKU\@1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sony: Community: Welcome to the Sony Community for Computing IE - HKU\@1\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\@1\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK IE - HKU\@1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Sony: Community: Welcome to the Sony Community for Computing IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://partnerpage.google.com/eu.s [Binary data over 200 bytes] IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\@2\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\@2\..\SearchScopes,bProtectorDefaultScope = {B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F} IE - HKU\@2\..\SearchScopes,DefaultScope = {B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F} IE - HKU\@2\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK IE - HKU\@2\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Markus Wester\Desktop IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{6C15FAAF-7DB7-4EE8-B17F-63CF5C42A625}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\SearchScopes\{B6BC3804-A54A-4D3C-94D2-A09AB9D1AD6F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 15:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.20 12:14:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 12:14:55 | 000,000,000 | ---D | M] [2009.11.18 00:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Extensions [2013.03.24 21:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions [2010.05.28 22:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.12.20 14:40:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Markus Wester\AppData\Roaming\mozilla\Firefox\Profiles\iftac3se.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.16 22:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.13 20:51:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 00:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.13 16:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 01:35:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.13 00:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012.04.16 22:42:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.16 22:41:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.19 14:40:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.19 14:40:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.19 14:40:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.19 14:40:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.19 14:40:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: Google O1 HOSTS File: ([2013.03.24 21:41:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\@1..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKU\@1..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\@1..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\@2..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKU\@2..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found O4 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\@1\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\@1\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\@2\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\@2\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1433685974-1778743318-4094590983-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\@1\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\@2\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A7AC6E-184D-420A-8521-26E50DFAB121}: DhcpNameServer = 192.168.34.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4165FF16-3A47-48F7-86CD-6157C9869565}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D1D401-7AA3-436F-9B49-DB8CA17F8349}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C3A7CB-3A38-4D63-8F7A-E6F11D6A7F10}: DhcpNameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C80BAF53-83DE-444E-84E2-497792622D88}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D60701BC-F42B-4E2C-A980-50CFE908DF80}: DhcpNameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB84E87D-78F5-49D9-9F10-F1E56A98C93F}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O24 - Desktop BackupWallPaper: C:\Users\Markus Wester\Pictures\Iphone\Jasmina\IMG_2488.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 21:52:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.24 21:52:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.24 21:52:17 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Local\temp [2013.03.24 21:26:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.24 21:26:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.24 21:26:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.24 21:25:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.24 21:24:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.24 21:16:41 | 005,044,071 | R--- | C] (Swearware) -- C:\Users\Markus Wester\Desktop\ComboFix.exe [2013.03.24 20:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.22 22:18:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.03.22 21:59:48 | 000,103,680 | ---- | C] (GMER) -- C:\uxliakog.sys [2013.03.22 02:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.22 00:51:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2013.03.22 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2013.03.13 23:27:50 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Local\Swissphone_Telecom_AG [2013.03.11 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Markus Wester\AppData\Local\Apps [2013.02.24 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.24 21:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.24 21:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 21:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 21:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.24 21:41:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.24 21:16:41 | 005,044,071 | R--- | M] (Swearware) -- C:\Users\Markus Wester\Desktop\ComboFix.exe [2013.03.24 21:10:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 21:09:44 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 21:09:44 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 21:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 21:07:17 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.24 21:05:46 | 000,609,993 | ---- | M] () -- C:\Users\Markus Wester\Desktop\adwcleaner.exe [2013.03.22 22:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Markus Wester\Desktop\OTL.exe [2013.03.22 21:59:48 | 000,103,680 | ---- | M] (GMER) -- C:\uxliakog.sys [2013.03.22 21:54:52 | 000,000,000 | ---- | M] () -- C:\Users\Markus Wester\defogger_reenable [2013.03.22 02:12:04 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.02.24 21:46:12 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 21:26:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.24 21:26:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.24 21:26:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.24 21:26:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.24 21:26:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.24 21:07:04 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.24 21:05:45 | 000,609,993 | ---- | C] () -- C:\Users\Markus Wester\Desktop\adwcleaner.exe [2013.03.22 21:54:52 | 000,000,000 | ---- | C] () -- C:\Users\Markus Wester\defogger_reenable [2013.02.24 21:46:12 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.19 20:24:01 | 000,009,190 | ---- | C] () -- C:\Windows\hpdj3500.ini [2011.08.02 10:48:43 | 000,004,096 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\keyfile3.drm [2011.07.05 15:40:35 | 000,027,872 | ---- | C] () -- C:\Users\Markus Wester\AppData\Roaming\UserTile.png [2011.03.10 19:43:59 | 000,102,983 | ---- | C] () -- C:\Users\Markus Wester\rechnung Februar.pdf [2010.02.04 22:07:05 | 000,019,801 | ---- | C] () -- C:\Users\Markus Wester\Muster.elfo [2009.12.25 21:21:50 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.01.20 17:55:08 | 000,000,098 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\eqwigqw.bat [2008.07.09 00:04:18 | 000,001,024 | ---- | C] () -- C:\Users\Markus Wester\.rnd [2008.06.08 16:30:56 | 000,000,100 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\qlvqa.bat [2008.04.13 12:30:28 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.03.23 14:39:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.19 15:47:17 | 000,174,080 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.19 15:47:17 | 000,006,324 | ---- | C] () -- C:\Users\Markus Wester\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.31 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jasmina\AppData\Roaming\Vodafone [2011.11.26 10:42:21 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Avolites [2008.09.01 23:42:18 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Azureus [2010.12.11 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Bytemobile [2008.03.26 17:32:48 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\CDBurnerXP_Soft [2008.04.01 19:04:53 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\DeepBurner [2012.12.20 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\DVDVideoSoft [2011.12.14 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\elsterformular [2012.02.09 23:34:03 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Epson [2009.09.05 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\GetRightToGo [2013.02.13 01:58:16 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\GoforFiles [2012.10.04 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\ICQ [2011.09.27 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Image Zone Express [2008.03.19 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\InterVideo [2008.05.06 22:21:18 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\iScreensaver [2009.09.25 00:27:15 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\OpenOffice.org [2010.01.07 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Opera [2010.10.23 19:23:32 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Printer Info Cache [2013.02.13 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Software Informer [2010.03.30 15:35:57 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\TeamViewer [2011.09.28 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\temp [2010.12.12 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone [2010.12.12 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone Mobile Broadband [2010.12.11 12:20:47 | 000,000,000 | ---D | M] -- C:\Users\Markus Wester\AppData\Roaming\Vodafone Mobile Connect ========== Purity Check ========== ========== Files - Unicode (All) ========== [2008.04.04 13:03:52 | 000,000,000 | ---D | M](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ [2008.04.04 13:03:52 | 000,000,000 | ---D | C](C:\Windows\System32\?æ?æ?æ?æ?æ?æ) -- C:\Windows\System32\ææææææ ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C980DA7D < End of report > |
|
24.03.2013, 22:23
| #8 |
| /// TB-Ausbilder | GUV Trojaner Hallo, sehr gut, dann machen wir weiter: Schritt 1
Code:
ATTFilter :OTL
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C980DA7D
:commands
[emptytemp]
Schritt 2 Downloade dir bitte Malwarebytes Anti-Malware .
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
28.03.2013, 01:04
| #9 |
| /// TB-Ausbilder | GUV Trojaner Hi, ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________ cheers, Leo |
|
29.03.2013, 19:44
| #10 |
| | GUV Trojaner hey sorry das ich mich nicht solange gemeldet habe aber ich bin Selbstständig und war jetzt so viel arbeiten das ich mich gerade nicht um den Rechner kümmern konnte. bin jetzt gerade noch dran aber hier das logfile scho von otl: All processes killed ========== OTL ========== ADS C:\ProgramData\TEMP:C980DA7D deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 198 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jasmina ->Temp folder emptied: 287822 bytes ->Temporary Internet Files folder emptied: 16342542 bytes ->Flash cache emptied: 690 bytes User: Markus Wester ->Temp folder emptied: 962695 bytes ->Temporary Internet Files folder emptied: 105387636 bytes ->Java cache emptied: 17734058 bytes ->FireFox cache emptied: 53214652 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 13680640 bytes ->Flash cache emptied: 3296 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1545402961 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 72048 bytes RecycleBin emptied: 7170 bytes Total Files Cleaned = 1.672,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03292013_191933 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... jetzt noch ne Frage: Beim Starten vom Rechner öffnet sich immer ein Ordner von Autorun und Autorun disable ist das normal? verschwinden eigentlich nachher die ganzen Ordner die die Programme erstellen? sobald die anderen Programme durch gelaufen sind poste ich den Rest |
|
30.03.2013, 00:59
| #11 | ||
| /// TB-Ausbilder | GUV TrojanerZitat:
Zitat:
__________________ cheers, Leo |
|
30.03.2013, 17:05
| #12 |
| | GUV Trojaner hey, also es ist ein Fenster das den Pfad hat Autorun-Autorun disable kann ja mal nen Screenshot machen wenn es sich nochmal öffnet. So hier jetzt die Sachen die du brauchst: OTL: All processes killed ========== OTL ========== ADS C:\ProgramData\TEMP:C980DA7D deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 198 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jasmina ->Temp folder emptied: 287822 bytes ->Temporary Internet Files folder emptied: 16342542 bytes ->Flash cache emptied: 690 bytes User: Markus Wester ->Temp folder emptied: 962695 bytes ->Temporary Internet Files folder emptied: 105387636 bytes ->Java cache emptied: 17734058 bytes ->FireFox cache emptied: 53214652 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 13680640 bytes ->Flash cache emptied: 3296 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1545402961 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 72048 bytes RecycleBin emptied: 7170 bytes Total Files Cleaned = 1.672,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03292013_191933 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.03.29.12 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Markus Wester :: MARKUS-LAPTOP [Administrator] Schutz: Aktiviert 29.03.2013 19:37:04 mbam-log-2013-03-29 (19-37-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252781 Laufzeit: 10 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Eset: L:\infected\skype.dat a variant of Win32/Kryptik.AXPJ trojan securitycheck Results of screen317's Security Check version 0.99.61 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java(TM) 6 Update 18 Java(TM) 6 Update 22 Java(TM) 6 Update 31 Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (3.6.13) Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
|
31.03.2013, 13:38
| #13 |
| /// TB-Ausbilder | GUV Trojaner Hi, den Ordner infected kannst du vom USB-Stick löschen. Ansonsten gab es ja keine Funde mehr. Bleiben nur noch die Updates und dann das Aufräumen. Schritt 1 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 17.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Schritt 2 Downloade und installiere dir die neuste Version des Mozilla Firefox. Schritt 3 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Schritt 4 Starte defogger und drücke den Button Re-enable. Schritt 5 Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme. Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter Combofix /Uninstall
Du kannst die eben deaktivierten Programme nun wieder einschalten. Schritt 6 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 7 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
11.05.2013, 02:43
| #14 |
| /// TB-Ausbilder | GUV Trojaner Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
12.06.2013, 22:13
| #15 |
| | GUV Trojaner Hallo, aufjedenfall mal danke aber habe jetzt wieder 2 probleme. Wenn ich den Rechner hoch fahren wird seit dem der Trojaner beseitigt wurde immer ein Fenster und bei jeden mal. Folgenden Pfad hat das Fenster: Master(C)->ProgramData->Microsoft->Windows->Startmenü->Programme->Autostart->AutorunsDisabled wie bekommt man das weg? Dann ist seit gestern nach dem ich den Adobe Flashplayer+Itunes aktualliesiert habe wieder das Fenster da mit dem Ananas Logo wo drin steht "DLL could not be opened" beim hochfahren. Damit hat es ja beim letzten mal angefangen. Könnt ihr mir noch mal helfen |
|
| Themen zu GUV Trojaner |
| adware.egdaccess, antivir, appdata, avg, avira, boot, c:\windows, defender, desktop, explorer.exe, microsoft, rechner, roaming, rundll, rundll32.exe, shell, sidebar, system, system32, trojaner, vista, win32/kryptik.axpj, windows, winlogon |
Textbox.
Linear-Darstellung
