Log analysis and evaluation: GVU Trojan; laptop cannot be started in safe mode either

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
GVU Trojan; laptop cannot be started in safe mode either

Hello, since today my laptop (operating system Windows 7) has been infected with the GVU Trojan (Bundesamt für Sicherheit in der Informationstechnik - 100,- € to be paid via Paysafecard). Several posts I found via Google advised me to boot the PC in safe mode and to carry out the next steps that follow from that. Unfortunately the PC does not boot up, but shuts down again immediately. I have now carried out the first step as already mentioned in the post (see below): http://www.trojaner-board.de/133527-...s-starten.html

I copied the Farbar scanner onto a USB stick, started my laptop in boot mode and ran the scan; the log file is attached:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2013
Ran by DUCABOTOR (administrator) on 25-04-2013 12:30:20
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Minimal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) [1096] C:\Windows\system32\cmd.exe
(Microsoft Corporation) [1128] C:\Windows\system32\ctfmon.exe
(Microsoft Corporation) [1236] C:\Windows\System32\dinotify.exe
(McAfee, Inc.) [1556] C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Farbar) [1700] d:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO [1158248 2012-02-27] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1016992 2012-01-19] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-03-15] (Synaptics Incorporated)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_50C8AB55EDB8CD3DA3E7A9C2D26F30E8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX935FWD" [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKCU\...\Runonce: [Uninstall C:\Users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [x]
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [706776 2013-03-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-02-20] (cyberlink)
HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
Startup: C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0820323B-DA0D-4202-8D8B-7943B4E089FC} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121101161802.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121101161803.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [36352] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
Winsock: Catalog5-x64 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer]

Chrome:
=======
CHR HomePage: "homepage": "",
CHR RestoreOnStartup: https://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
CHR Extension: (SiteAdvisor) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\
CHR Extension: (Gmail) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2012-01-19] (CyberLink)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MOBK649backup; C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe [223544 2011-04-18] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-01-19] (Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S1 MOBK649Filter; C:\Windows\System32\DRIVERS\MOBK649.sys [66040 2011-04-18] (Mozy, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-25 12:30 - 2013-04-25 12:30 - 00000000 ____D C:\FRST
2013-04-25 11:51 - 2013-04-25 12:15 - 00000004 ____A C:\Users\DUCABOTOR\AppData\Roaming\AltShell.ini
2013-04-25 11:51 - 2013-04-25 11:51 - 00032256 ____A C:\Users\DUCABOTOR\6490269.exe
2013-04-13 21:55 - 2013-04-13 21:55 - 00001155 ____A C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk
2013-04-13 21:55 - 2013-04-13 21:55 - 00001150 ____A C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk
2013-04-13 21:55 - 2013-04-13 21:55 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2013-04-13 21:54 - 2013-04-13 21:54 - 03743872 ____A (ManiacTools.com ) C:\Users\DUCABOTOR\Downloads\m4a-to-mp3-converter_7.2.exe
2013-04-13 21:51 - 2013-04-13 21:51 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\W&W Mainstage
2013-04-13 21:29 - 2013-04-13 22:24 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\Hardwell On Air 2013
2013-04-13 20:25 - 2013-04-13 20:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-13 20:24 - 2013-04-13 20:25 - 00000000 ____D C:\Program Files\iTunes
2013-04-13 20:24 - 2013-04-13 20:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-13 20:24 - 2013-04-13 20:24 - 00000000 ____D C:\Program Files\iPod
2013-04-10 03:01 - 2013-02-21 12:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 03:01 - 2013-02-21 12:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 03:01 - 2013-02-21 12:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 03:01 - 2013-02-21 12:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 03:01 - 2013-02-21 12:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 03:01 - 2013-02-21 12:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-10 03:01 - 2013-02-19 14:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 03:01 - 2013-02-19 13:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 03:01 - 2013-02-19 13:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-10 03:01 - 2013-02-19 12:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 03:00 - 2013-02-21 12:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 03:00 - 2013-02-21 12:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 03:00 - 2013-02-21 12:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 03:00 - 2013-02-21 12:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 03:00 - 2013-02-21 12:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-09 21:20 - 2013-03-02 08:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-09 21:20 - 2013-03-01 05:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 21:20 - 2013-02-15 08:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-09 21:20 - 2013-02-15 08:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-09 21:20 - 2013-02-15 08:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-09 21:20 - 2013-02-15 06:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-09 21:20 - 2013-02-15 06:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-09 21:20 - 2013-02-15 05:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-09 21:20 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 21:19 - 2013-03-19 08:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 21:19 - 2013-03-19 07:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 21:19 - 2013-03-19 07:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 21:19 - 2013-03-19 07:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 21:19 - 2013-03-19 06:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 21:19 - 2013-03-19 05:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-04 13:40 - 2013-04-04 13:40 - 00000934 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2013-04-04 13:40 - 2013-04-04 13:40 - 00000000 ____D C:\Program Files (x86)\epson
2013-04-04 13:40 - 2009-12-09 00:00 - 00464384 ____A (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
2013-04-04 13:40 - 2009-10-16 00:00 - 00132560 ____A (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
2013-04-04 13:40 - 2009-10-16 00:00 - 00013824 ____A (Seiko Epson Corporation) C:\Windows\System32\esxcdev.dll
2013-04-04 13:35 - 2013-04-04 13:35 - 06797384 ____A C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pptx
2013-04-02 16:45 - 2013-04-02 16:45 - 00000000 ____D C:\Users\DUCABOTOR\Bodenmatte 150x215
2013-04-01 19:45 - 2013-04-01 19:45 - 00011418 ____A C:\Users\DUCABOTOR\Hardwell 27.04.2013.xlsx

==================== One Month Modified Files and Folders =======

2013-04-25 12:30 - 2013-04-25 12:30 - 00000000 ____D C:\FRST
2013-04-25 12:28 - 2012-04-26 08:40 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-04-25 12:28 - 2012-04-26 08:40 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-04-25 12:28 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-25 12:15 - 2013-04-25 11:51 - 00000004 ____A C:\Users\DUCABOTOR\AppData\Roaming\AltShell.ini
2013-04-25 12:12 - 2012-11-19 23:24 - 00000000 ___RD C:\Users\DUCABOTOR\Dropbox
2013-04-25 12:12 - 2012-11-19 23:20 - 00000000 ____D C:\Users\DUCABOTOR\AppData\Roaming\Dropbox
2013-04-25 12:11 - 2012-11-01 16:10 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-25 12:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-25 12:11 - 2009-07-14 06:51 - 00045713 ____A C:\Windows\setupact.log
2013-04-25 12:00 - 2012-11-01 16:10 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-25 11:58 - 2012-04-26 07:49 - 01197730 ____A C:\Windows\WindowsUpdate.log
2013-04-25 11:53 - 2012-04-26 08:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-04-25 11:53 - 2010-11-21 05:47 - 00335392 ____A C:\Windows\PFRO.log
2013-04-25 11:51 - 2013-04-25 11:51 - 00032256 ____A C:\Users\DUCABOTOR\6490269.exe
2013-04-25 11:51 - 2012-11-01 15:58 - 00000000 ____D C:\users\DUCABOTOR
2013-04-25 11:50 - 2012-04-26 08:30 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-25 11:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-25 11:35 - 2012-11-02 18:48 - 00000000 ____D C:\Users\DUCABOTOR\Documents\Outlook-Dateien
2013-04-23 12:11 - 2011-04-18 22:00 - 00002072 ____A C:\Windows\MOBK649.blk
2013-04-23 12:11 - 2011-04-18 22:00 - 00000314 ____A C:\Windows\MOBK649.flt
2013-04-15 20:54 - 2009-07-14 06:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-15 20:54 - 2009-07-14 06:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-13 22:27 - 2012-09-14 23:11 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\2012-02
2013-04-13 22:27 - 2009-06-29 18:02 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\2011-01
2013-04-13 22:24 - 2013-04-13 21:29 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\Hardwell On Air 2013
2013-04-13 21:55 - 2013-04-13 21:55 - 00001155 ____A C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk
2013-04-13 21:55 - 2013-04-13 21:55 - 00001150 ____A C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk
2013-04-13 21:55 - 2013-04-13 21:55 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2013-04-13 21:54 - 2013-04-13 21:54 - 03743872 ____A (ManiacTools.com ) C:\Users\DUCABOTOR\Downloads\m4a-to-mp3-converter_7.2.exe
2013-04-13 21:51 - 2013-04-13 21:51 - 00000000 ____D C:\Users\DUCABOTOR\Desktop\W&W Mainstage
2013-04-13 20:25 - 2013-04-13 20:25 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-04-13 20:25 - 2013-04-13 20:24 - 00000000 ____D C:\Program Files\iTunes
2013-04-13 20:25 - 2013-04-13 20:24 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-04-13 20:24 - 2013-04-13 20:24 - 00000000 ____D C:\Program Files\iPod
2013-04-12 19:04 - 2012-11-09 22:36 - 00000000 ____D C:\Users\DUCABOTOR\AppData\Local\CrashDumps
2013-04-10 03:19 - 2009-07-14 06:45 - 00373416 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-09 21:19 - 2013-01-10 21:53 - 00000000 ____D C:\Users\DUCABOTOR\Alex
2013-04-04 19:14 - 2012-11-19 23:24 - 00001035 ____A C:\Users\DUCABOTOR\Desktop\Dropbox.lnk
2013-04-04 13:40 - 2013-04-04 13:40 - 00000934 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2013-04-04 13:40 - 2013-04-04 13:40 - 00000000 ____D C:\Program Files (x86)\epson
2013-04-04 13:35 - 2013-04-04 13:35 - 06797384 ____A C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pptx
2013-04-02 16:45 - 2013-04-02 16:45 - 00000000 ____D C:\Users\DUCABOTOR\Bodenmatte 150x215
2013-04-01 19:45 - 2013-04-01 19:45 - 00011418 ____A C:\Users\DUCABOTOR\Hardwell 27.04.2013.xlsx

Other Malware:
===========
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.dat
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-23 12:10

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2013
Ran by DUCABOTOR at 2013-04-25 12:30:56 Run:
Running from D:\
Boot Mode: Minimal
==========================================================

==================== Installed Programs =======================

?????? Windows Live (Version: 16.4.3503.0728)
???????? ?????????? Windows Live (Version: 16.4.3503.0728)
?????????? (????????????? ??????) (Version: 16.4.3503.0728)
?????????? (Version: 16.4.3503.0728)
??????????? (Version: 16.4.3503.0728)
???????????? (Version: 16.4.3503.0728)
ACID Music Studio 8.0 (Version: 8.0.178)
Adobe AIR (Version:
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X MUI (Version: 10.0.0)
Agatha Christie - Death on the Nile (Version:
Aloha TriPeaks (Version:
AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version:
Apple Software Update (Version:
ArcSoft Magic-i Visual Effects 2 (Version:
ArcSoft WebCam Companion 4 (Version:
Atheros Bluetooth Suite (64) (Version:
Bejeweled 3 (Version:
Bing Bar (Version: 7.0.610.0)
Bonjour (Version:
Build-a-lot 2 (Version:
Cake Mania (Version:
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0117.2242.40496)
Catalyst Control Center Graphics Previews Common (Version: 2012.0117.2242.40496)
Catalyst Control Center InstallProxy (Version: 2012.0117.2242.40496)
Catalyst Control Center Localization All (Version: 2012.0117.2242.40496)
CCC Help Chinese Standard (Version: 2012.0117.2241.40496)
CCC Help Chinese Traditional (Version: 2012.0117.2241.40496)
CCC Help Czech (Version: 2012.0117.2241.40496)
CCC Help Danish (Version: 2012.0117.2241.40496)
CCC Help Dutch (Version: 2012.0117.2241.40496)
CCC Help English (Version: 2012.0117.2241.40496)
CCC Help Finnish (Version: 2012.0117.2241.40496)
CCC Help French (Version: 2012.0117.2241.40496)
CCC Help German (Version: 2012.0117.2241.40496)
CCC Help Greek (Version: 2012.0117.2241.40496)
CCC Help Hungarian (Version: 2012.0117.2241.40496)
CCC Help Italian (Version: 2012.0117.2241.40496)
CCC Help Japanese (Version: 2012.0117.2241.40496)
CCC Help Korean (Version: 2012.0117.2241.40496)
CCC Help Norwegian (Version: 2012.0117.2241.40496)
CCC Help Polish (Version: 2012.0117.2241.40496)
CCC Help Portuguese (Version: 2012.0117.2241.40496)
CCC Help Russian (Version: 2012.0117.2241.40496)
CCC Help Spanish (Version: 2012.0117.2241.40496)
CCC Help Swedish (Version: 2012.0117.2241.40496)
CCC Help Thai (Version: 2012.0117.2241.40496)
CCC Help Turkish (Version: 2012.0117.2241.40496)
ccc-utility64 (Version: 2012.0117.2242.40496)
Chuzzle Deluxe (Version:
CyberLink PowerDVD (Version: 9.0.5009.52)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.6.18)
DVD Architect Studio 5.0 (Version: 5.0.157)
EPSON BX935FWD Series Printer Uninstall
EPSON Scan
Evernote v. 4.5.2 (Version:
FDUx86 (Version: 1.0.0)
Fishdom (TM) 2 (Version:
Fotogaléria (Version: 16.4.3503.0728)
Fotogalerie (Version: 16.4.3503.0728)
Fotogalerija (Version: 16.4.3503.0728)
Fotogalleri (Version: 16.4.3503.0728)
Fotogalleriet (Version: 16.4.3503.0728)
Fotograf Galerisi (Version: 16.4.3503.0728)
Fotótár (Version: 16.4.3503.0728)
Free M4a to MP3 Converter 7.2
Free YouTube to MP3 Converter version (Version:
Galeria de Fotografias (Version: 16.4.3503.0728)
Galeria fotografii (Version: 16.4.3503.0728)
Galerie de photos (Version: 16.4.3503.0728)
Galerie foto (Version: 16.4.3503.0728)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version:
Insaniquarium Deluxe (Version:
Intel(R) Control Center (Version:
Intel(R) Management Engine Components (Version:
Intel(R) Rapid Storage Technology (Version:
Intel(R) USB 3.0 eXtensible Host Controller Driver (Version:
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version:
Java Auto Updater (Version:
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) 7 Update 1 (Version: 7.0.10)
Jewel Quest Solitaire 2 (Version:
Junk Mail filter update (Version: 16.4.3503.0728)
jZip (Version:
KUx86 (Version: 1.0.0)
Mahjongg Artifacts (Version:
Malwarebytes Anti-Malware Version (Version:
McAfee Internet Security (Version: 11.6.477)
McAfee Online Backup (Version:
Media Gallery (Version:
Media Go (Version: 2.0.317)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office
64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook Connector (Version: 14.0.6123.5001) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SkyDrive (Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Movie Maker (Version: 16.4.3503.0728) MSVCRT (Version: 15.4.2862.0708) MSVCRT Redists (Version: 1.0) 
MSVCRT_amd64 (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Mystery of Mortlake Mansion (Version: Mystery P.I. - The London Caper (Version: Photo Common (Version: 16.4.3503.0728) Photo Gallery (Version: 16.4.3503.0728) Plants vs. Zombies - Game of the Year (Version: PlayMemories Home (Version: PlayStation(R)Network Downloader (Version: 2.07.00849) PlayStation(R)Store (Version: Poczta uslugi Windows Live (Version: 16.4.3503.0728) Podstawowe programy Windows Live (Version: 16.4.3503.0728) Polar Bowler (Version: Pošta Windows Live (Version: 16.4.3503.0728) PYV_x86 (Version: 1.0.0) Qualcomm Atheros Direct Connect (Version: 3.1) Qualcomm Atheros WiFi Driver Installation (Version: 3.0) Raccolta foto (Version: 16.4.3503.0728) Realtek High Definition Audio Driver (Version: Realtek PCIE Card Reader (Version: 6.1.7601.92) Remote Keyboard (Version: Remote Play with PlayStation(R)3 (Version: S?????? f?t???af??? 
(Version: 16.4.3503.0728) Shared C Run-time for x64 (Version: 10.0.0) Sound Forge Audio Studio 10.0 (Version: 10.0.176) SSLx64 (Version: 1.0.0) SSLx86 (Version: 1.0.0) Synaptics Pointing Device Driver (Version: The Hidden Object Game Show (Version: TrackID(TM) with BRAVIA (Version: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update Installer for WildTangent Games App VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (Version: VAIO 
- PlayMemories Home Plug-in (Version: VAIO - Remote Play mit PlayStation®3 (Version: VAIO - Remote-Tastatur (Version: VAIO - Remote-Tastatur mit PlayStation®3 (Version: VAIO - TrackID™ mit BRAVIA (Version: VAIO Care (Version: VAIO Control Center (Version: VAIO Data Restore Tool (Version: VAIO Easy Connect (Version: VAIO Gate (Version: VAIO Gate Default (Version: VAIO Gesture Control (Version: VAIO Improvement (Version: VAIO Improvement Validation (Version: VAIO Sample Contents (Version: VAIO Smart Network (Version: VAIO Update (Version: VAIO Update Merge Module x64 (Version: 5.7.13130) VAIO*CPU-Lüfterdiagnose (Version: VAIO-Handbuch (Version: VAIO-Support für Übertragungen (Version: Valokuvavalikoima (Version: 16.4.3503.0728) VCCx64 (Version: 1.0.0) VCCx86 (Version: 1.0.0) Vegas Movie Studio HD Platinum 11.0 (Version: 11.0.256) VHD (Version: 1.0.0) Virtual Villagers 4 - The Tree of Life (Version: VIx64 (Version: 1.0.0) VIx86 (Version: 1.0.0) VMLx86 (Version: 1.0.0) VPMx64 (Version: 1.0.0) VSNx64 (Version: 1.0.0) VSNx86 (Version: 1.0.0) VSSTx64 (Version: 1.0.0) VSSTx86 (Version: 1.0.0) VU5x64 (Version: 1.0.0) VU5x86 (Version: 1.0.0) VWSTx86 (Version: 1.0.0) WildTangent Games App (Version: WildTangent-Spiele (Version: Windows Live Communications Platform (Version: 16.4.3503.0728) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 16.4.3503.0728) Windows Live Fotogalleri (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3503.0728) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mail (Version: 16.4.3503.0728) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Messenger (Version: 16.4.3503.0728) Windows Live MIME IFilter (Version: 16.4.3503.0728) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 16.4.3503.0728) Windows Live PIMT Platform (Version: 
16.4.3503.0728) Windows Live SOXE (Version: 16.4.3503.0728) Windows Live SOXE Definitions (Version: 16.4.3503.0728) Windows Live Temel Parçalar (Version: 16.4.3503.0728) Windows Live UX Platform (Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live UX Platform Language Pack (Version: 16.4.3503.0728) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer (Version: 16.4.3503.0728) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 16.4.3503.0728) Windows Liven peruspaketti (Version: 16.4.3503.0728) Windows Liven sähköposti (Version: 16.4.3503.0728) ==================== Restore Points ========================= 03-04-2013 22:24:39 Geplanter Prüfpunkt 10-04-2013 01:00:20 Windows Update ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: McAfee Inc. mfehidk Description: McAfee Inc. mfehidk Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mfehidk Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/25/2013 00:28:11 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 00:13:18 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 11:54:53 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9173 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9173 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8003 Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8003 Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/25/2013 03:15:18 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7004 System errors: ============= Error: (04/25/2013 00:30:35 PM) (Source: DCOM) (User: ) Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40} Error: (04/25/2013 00:28:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst 
"PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:34 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD DfsC discache mfehidk MOBK649Filter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error: (04/25/2013 00:26:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Anti-Spam Service" ist vom Dienst "McAfee Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/25/2013 00:26:32 PM) (Source: Service Control Manager) (User: ) Description: 
Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Microsoft Office Sessions: ========================= Error: (04/25/2013 00:28:11 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 00:13:18 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 11:54:53 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9173 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9173 Error: (04/25/2013 03:15:21 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8003 Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8003 Error: (04/25/2013 03:15:19 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/25/2013 03:15:18 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7004 CodeIntegrity Errors: =================================== Date: 2013-03-16 22:05:57.893 Description: Windows konnte die Abbildintegrität der Datei 
"\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-16 22:05:57.863 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-12-02 17:31:07.157 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 17:31:07.154 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-12-02 17:31:07.153 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 6114.36 MB Available physical RAM: 5045.75 MB Total Pagefile: 12226.9 MB Available Pagefile: 11168.73 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:677.36 GB) (Free:592.24 GB) NTFS (Disk=0 Partition=3) Drive d: (USB_DISK) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32 (Disk=1 Partition=1) Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 698 GB 0 B Datentr„ger 1 Online 498 MB 0 B Partitions of Disk 0: =============== Datentr„ger-ID: F9A28C9B Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Wiederherstellun 20 GB 1024 KB Partition 2 Prim„r 350 MB 20 GB Partition 3 Prim„r 677 GB 21 GB ================================================================================== Disk: 0 Partition 1 Typ : 27 Versteckt: Ja Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 Recovery NTFS Partition 20 GB Fehlerfre Versteck ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 System Rese NTFS Partition 350 MB Fehlerfre System (partition with boot components) ========================================================= Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 677 GB Fehlerfre Startpar ========================================================= Partitions of Disk 1: =============== Datentr„ger-ID: 00000001 Partition ### Typ 
Gr”áe Offset ------------- ---------------- ------- ------- * Partition 1 Prim„r 498 MB 0 B ================================================================================== Disk: 1 Es wurde keine Partition gew„hlt. Es wurde keine Partition ausgew„hlt. W„hlen Sie eine Partition, und wiederholen Sie den Vorgang. ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F9A28C9B) Partition 1: (Not Active) - (Size=21 GB) - (Type=27) Partition 2: (Active) - (Size=350 MB) - (Type=07) (NTFS) Partition 3: (Not Active) - (Size=677 GB) - (Type=07) (NTFS) ==================================================================== Disk: 1 (Size: 499 MB) (Disk ID: 6E652072) Partition 1: (Not Active) - (Size=811 GB) - (Type=6E) Partition 2: (Not Active) - (Size=468 GB) - (Type=FF) Partition 3: (Not Active) - (Size=80 GB) - (Type=74) Partition 4: (Not Active) - (Size=26 MB) - (Type=00) |
/// TB-Ausbilder
You did not carry out the instructions you linked to correctly. But you are lucky that FRST now also runs outside the recovery environment.
Step 1 unlocks the computer. After that you can work in normal mode again.
Step 1
On a second computer, please press the ![]()
Now copy the following text from the code box into the empty text document: Code:
ATTFilter
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.dat
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.ini
C:\Users\DUCABOTOR\6490269.exe
Step 2 Please download OTL (by Oldtimer) and save it to your desktop.
In your next reply, please post:
GVU Trojan; laptop will not start in safe mode either
Hi,
thanks for the quick reply. FRST fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2013
Ran by DUCABOTOR at 2013-04-25 13:29:52 Run:1
Running from D:\
Boot Mode: Minimal
==============================================
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.dat moved successfully.
C:\Users\DUCABOTOR\AppData\Roaming\AltShell.ini moved successfully.
C:\Users\DUCABOTOR\6490269.exe moved successfully.
==== End of Fixlog ====
Code:
ATTFilter OTL logfile created on: 25.04.2013 13:35:44 - Run 1 OTL by OldTimer - Version Folder = C:\Users\DUCABOTOR\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,97 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 63,02% Memory free 11,94 Gb Paging File | 9,28 Gb Available in Paging File | 77,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 677,36 Gb Total Space | 592,31 Gb Free Space | 87,44% Space Free | Partition Type: NTFS Computer Name: DUCABOTOR-VAIO | User Name: DUCABOTOR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.25 13:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.07 18:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2012.02.27 09:34:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.02.21 12:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2012.02.20 06:01:33 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.01.20 15:23:00 | 000,054,432 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2012.01.19 13:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.11.30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- 
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 04:26:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.14 04:26:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.13 17:08:15 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.01.13 17:08:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.01.13 16:52:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.13 16:52:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.13 16:52:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.13 16:52:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.13 16:52:01 | 
007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.13 16:52:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.13 16:51:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.04.26 08:38:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2012.04.16 08:44:49 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.11.30 18:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.03.13 04:00:46 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.03.26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2012.03.21 17:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.02.09 09:43:45 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.20 15:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.01.19 13:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.01.19 13:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.01.19 11:40:56 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2012.01.06 16:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.01.06 16:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.12.29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.12.21 13:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.12.21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.12.01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.08.26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.04.18 22:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.01.28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.04.16 08:49:00 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.16 08:45:19 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.16 08:45:15 | 010,729,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.15 04:42:06 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 09:34:27 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 09:34:19 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 09:34:16 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.21 23:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.02.16 16:14:57 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.09 09:43:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.02.09 07:34:36 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.01.19 13:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.01.19 13:31:02 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012.01.19 13:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.01.19 13:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.01.19 13:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.01.19 13:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.01.19 13:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.01.19 13:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.01.16 11:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.04.18 22:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\SearchScopes\{0820323B-DA0D-4202-8D8B-7943B4E089FC}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.02 23:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.09 05:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.02 13:52:15 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: SiteAdvisor = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\
CHR - Extension: Google Mail = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20121101161802.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121101161803.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX935FWD" File not found
O4 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000..\Run: [GoogleChromeAutoLaunch_50C8AB55EDB8CD3DA3E7A9C2D26F30E8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000..\RunOnce: [Uninstall C:\Users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - Startup: C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DUCABOTOR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DUCABOTOR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1859898F-10CA-4512-A16C-CCE4EF7B84BB}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9FA5206-9FBF-480D-B122-2D313B480991}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E36893A6-B552-4374-8839-FF07021ED5F4}: DhcpNameServer =
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000 Winlogon: Shell - (C:\Users\DUCABOTOR\AppData\Roaming\AltShell.dat) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.25 13:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.04.25 13:33:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe [2013.04.25 12:30:16 | 000,000,000 | ---D | C] -- C:\FRST [2013.04.13 21:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 
Converter [2013.04.13 21:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter [2013.04.13 21:51:24 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Desktop\W&W Mainstage [2013.04.13 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Desktop\Hardwell On Air 2013 [2013.04.13 20:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.13 20:20:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.10 03:01:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 03:01:03 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 03:01:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 03:01:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 03:01:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 03:01:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 03:01:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 03:01:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.10 03:01:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.10 03:01:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.10 03:01:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll 
[2013.04.10 03:01:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 03:01:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 03:01:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 03:01:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.09 21:20:19 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.09 21:20:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.09 21:20:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.09 21:20:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.09 21:20:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.09 21:20:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.09 21:19:57 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.09 21:19:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.09 21:19:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.09 21:19:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.09 21:19:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.09 21:19:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.07 19:13:54 | 000,000,000 | ---D | C] -- C:\DCMI Videos [2013.04.04 13:40:38 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll [2013.04.04 13:40:38 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe 
[2013.04.04 13:40:38 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll [2013.04.04 13:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2013.04.02 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Bodenmatte 150x215 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.25 13:39:06 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.25 13:39:06 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.25 13:37:38 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.25 13:37:38 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.25 13:37:38 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.25 13:37:38 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.25 13:37:38 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.25 13:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe [2013.04.25 13:31:41 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.25 13:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.25 13:31:23 | 513,560,575 | -HS- | M] () -- C:\hiberfil.sys [2013.04.25 12:00:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.25 11:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.23 12:11:40 | 000,002,072 | ---- | M] () -- C:\Windows\MOBK649.blk [2013.04.23 12:11:40 | 000,000,314 | ---- | M] () -- C:\Windows\MOBK649.flt [2013.04.13 21:55:14 | 000,001,155 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk [2013.04.13 21:55:14 | 000,001,150 | ---- | M] () -- 
C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk [2013.04.13 20:25:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.10 03:19:01 | 000,373,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.04 23:38:17 | 000,084,187 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Energiebedarf - 04.04.2013.JPG [2013.04.04 19:14:05 | 000,001,059 | ---- | M] () -- C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.04 19:14:00 | 000,001,035 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Dropbox.lnk [2013.04.04 13:40:39 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2013.04.04 13:35:22 | 004,075,047 | ---- | M] () -- C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pdf [2013.04.01 19:51:17 | 000,211,354 | ---- | M] () -- C:\Users\DUCABOTOR\formular_pdf (1).pdf [2013.04.01 19:49:31 | 000,211,354 | ---- | M] () -- C:\Users\DUCABOTOR\formular_pdf.pdf [2013.04.01 19:45:29 | 000,186,458 | ---- | M] () -- C:\Users\DUCABOTOR\Hardwell 27.04.2013.pdf [2013.04.01 19:25:44 | 000,113,027 | ---- | M] () -- C:\Users\DUCABOTOR\Check In.JPG [2013.03.29 19:57:09 | 000,492,002 | ---- | M] () -- C:\Users\DUCABOTOR\Eticket-FN6691-158697-1.pdf [2013.03.28 19:29:46 | 000,617,080 | ---- | M] () -- C:\Users\DUCABOTOR\Eticket-RF3580-158697-4.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.13 21:55:14 | 000,001,155 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk [2013.04.13 21:55:14 | 000,001,150 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk [2013.04.13 20:25:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.04 23:38:17 | 000,084,187 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\Energiebedarf - 04.04.2013.JPG [2013.04.04 13:40:39 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2013.04.04 13:35:19 | 004,075,047 | ---- | C] () 
-- C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pdf [2013.04.01 19:51:17 | 000,211,354 | ---- | C] () -- C:\Users\DUCABOTOR\formular_pdf (1).pdf [2013.04.01 19:49:30 | 000,211,354 | ---- | C] () -- C:\Users\DUCABOTOR\formular_pdf.pdf [2013.04.01 19:45:28 | 000,186,458 | ---- | C] () -- C:\Users\DUCABOTOR\Hardwell 27.04.2013.pdf [2013.04.01 19:25:44 | 000,113,027 | ---- | C] () -- C:\Users\DUCABOTOR\Check In.JPG [2013.03.29 19:57:09 | 000,492,002 | ---- | C] () -- C:\Users\DUCABOTOR\Eticket-FN6691-158697-1.pdf [2013.03.28 19:29:45 | 000,617,080 | ---- | C] () -- C:\Users\DUCABOTOR\Eticket-RF3580-158697-4.pdf [2013.03.19 19:46:12 | 004,198,150 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08867.JPG [2013.03.19 19:45:06 | 005,734,400 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08865.JPG [2013.03.19 19:44:36 | 004,751,360 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08864.JPG [2013.03.19 19:44:24 | 007,143,424 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08863.JPG [2013.03.16 23:13:37 | 035,708,021 | ---- | C] () -- C:\Users\DUCABOTOR\Tomorrowland 2013 Warm Up Mix. 
Tiësto, Sander Van Doorn, Dimitri Vegas & Like Mike.mp3 [2013.03.16 23:13:37 | 013,684,764 | ---- | C] () -- C:\Users\DUCABOTOR\Deorro & duvoh - Black (Original Mix).mp3 [2013.03.16 23:13:37 | 013,290,308 | ---- | C] () -- C:\Users\DUCABOTOR\3971172_Amazing_Ft__Chipper_Original_Mix.mp3 [2013.03.16 23:13:37 | 009,866,989 | ---- | C] () -- C:\Users\DUCABOTOR\3995748_Make_Some_Noise_Deorro_Remix.mp3 [2013.03.03 16:20:08 | 000,022,516 | ---- | C] () -- C:\Users\DUCABOTOR\dasd.JPG [2013.02.07 00:08:37 | 000,087,925 | ---- | C] () -- C:\Users\DUCABOTOR\Dropbox.JPG [2013.01.25 00:09:42 | 000,064,068 | ---- | C] () -- C:\Users\DUCABOTOR\wangentreppe_06.jpg [2013.01.11 02:03:02 | 000,144,640 | ---- | C] () -- C:\Users\DUCABOTOR\Amazon.pdf [2012.12.02 19:30:08 | 000,089,011 | ---- | C] () -- C:\Users\DUCABOTOR\Unbenannt.JPG [2012.12.02 17:37:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\0T6o34k.dat [2012.12.02 17:36:58 | 000,000,001 | ---- | C] () -- C:\ProgramData\B4o3v2on.exe_.b [2012.12.02 17:36:58 | 000,000,001 | ---- | C] () -- C:\ProgramData\B4o3v2on.exe.b [2012.11.29 19:10:00 | 005,285,059 | ---- | C] () -- C:\Users\DUCABOTOR\karten.7z [2012.11.29 19:09:00 | 005,056,610 | ---- | C] () -- C:\Users\DUCABOTOR\karten1.7z [2012.11.28 23:25:29 | 000,060,055 | ---- | C] () -- C:\Users\DUCABOTOR\Ausbildungsordnung - Fachkraft für Lagerlogistik.pdf [2012.11.28 23:22:31 | 000,065,249 | ---- | C] () -- C:\Users\DUCABOTOR\Ausbildungsordnung - Kaufmann für Spedition und Logistikdienstleistungen.pdf [2012.11.13 02:00:25 | 000,639,383 | ---- | C] () -- C:\Users\DUCABOTOR\Arbeitszeugnis SLG 2005-2012.pdf [2012.11.13 01:59:41 | 000,570,549 | ---- | C] () -- C:\Users\DUCABOTOR\Kopie Arbeitsvertrag Autovision 2012.pdf [2012.11.13 01:58:43 | 000,319,161 | ---- | C] () -- C:\Users\DUCABOTOR\Abschlusszeugnis BBS3 BS 2008.pdf [2012.11.13 01:57:32 | 000,281,363 | ---- | C] () -- C:\Users\DUCABOTOR\Prüfungszeugnis IHK 2008.pdf [2012.09.15 00:18:47 | 094,729,269 | ---- | C] () -- 
C:\Users\DUCABOTOR\48 TOTC 2012.02 Mix, Pt. 3.mp3 [2012.09.15 00:18:25 | 085,918,690 | ---- | C] () -- C:\Users\DUCABOTOR\47 TOTC 2012.02 Mix, Pt. 2.mp3 [2012.09.15 00:18:02 | 084,831,474 | ---- | C] () -- C:\Users\DUCABOTOR\46 TOTC 2012.02 Mix, Pt. 1.mp3 [2012.04.26 09:46:57 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.04.26 08:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.16 09:11:19 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.16 09:11:19 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.16 09:11:19 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.02.02 21:29:52 | 000,066,688 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.02.02 21:29:48 | 000,061,568 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 25.04.2013 13:35:44 - Run 1 OTL by OldTimer - Version Folder = C:\Users\DUCABOTOR\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,97 Gb Total Physical Memory | 3,76 Gb Available Physical Memory | 63,02% Memory free 11,94 Gb Paging File | 9,28 Gb Available in Paging File | 77,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 677,36 Gb Total Space | 592,31 Gb Free Space | 87,44% Space Free | Partition Type: NTFS Computer Name: DUCABOTOR-VAIO | User Name: DUCABOTOR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AAFECDE-63ED-41A8-BFE1-CE472AF03184}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{24D0DDF3-9C60-4699-8BD7-5E14BAFE3410}" = lport=3888 | protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | "{3A2AA4B2-54A9-4BDA-BED6-FFD73265AD43}" = lport=3880 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie 
story\vmstory.exe | "{3B6B8D1A-BEAC-4B23-8F88-5D4F7BBF5CAA}" = rport=137 | protocol=17 | dir=out | app=system | "{3D2B269E-0A34-451A-8345-B00DA8DB9F09}" = lport=3888 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | "{675D37F4-5AA9-43B8-BCB4-475CEECCFF65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{840FCFC7-1E5C-4DBF-B180-2F95B5E80EAB}" = lport=139 | protocol=6 | dir=in | app=system | "{8C710C11-9F6A-448A-B428-75A782B02527}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | "{9690AD09-52D3-414C-82A4-B39E795A1C44}" = rport=445 | protocol=6 | dir=out | app=system | "{9E09B979-D245-4FBE-8DD1-88E8F0692674}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{A4913C17-EEC9-4419-A677-3865F0C73D38}" = lport=137 | protocol=17 | dir=in | app=system | "{A88AA586-A02F-455F-9C3A-D61FF1F76394}" = lport=445 | protocol=6 | dir=in | app=system | "{AEDF0580-D493-4CF7-87EA-D24303EE0211}" = lport=138 | protocol=17 | dir=in | app=system | "{B98826C6-C91D-40D9-B7AB-3D06A1DA4C58}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BFDD61E0-0B19-47DE-A3BE-1F61DD6CC1F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C8A4FD53-A205-4D3B-AA27-145550EB7C58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFE1B4FF-B5D1-4A98-9EB7-A9567DA9AE3E}" = rport=139 | protocol=6 | dir=out | app=system | "{D03260B1-1A28-40FE-9E86-78A886EAA5C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{D7AFA4B2-4AB1-4F9A-A711-E8321D8C41FD}" = rport=138 | protocol=17 | dir=out | app=system | "{E6E6E96F-37B5-4DF2-8468-3A8FAA1BB940}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10EC1524-DA8E-4A6D-8578-3CD7D2457F1D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1827CF63-B3FE-4E73-952F-297F12300CE3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{229CF65E-7AD8-4CC7-8BC5-507D99C723CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25C264DC-AF24-46BF-BD14-AE229289D032}" = protocol=17 | dir=in | app=c:\users\ducabotor\appdata\roaming\dropbox\bin\dropbox.exe | "{2FC9CFA2-6947-454D-927C-BB32F90D6BBD}" = dir=in | app=c:\users\ducabotor\appdata\local\microsoft\skydrive\skydrive.exe | "{48B23585-7991-4835-ABCB-5B63E36F6712}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4BCE896A-3044-4C4D-A77F-442F02C9EE46}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4DDE08EA-00D2-4925-A1C4-83A7B22A8E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{580206F5-5037-4EA8-9217-381FA8A59726}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{59FEA0AB-E437-4D02-A2D4-5108D32A86C5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{684ED633-3520-49D1-A569-880A59EEFE24}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{8C1E3270-066C-456D-B769-55CF9113B709}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9974A8A6-28F5-4C2F-AA9A-96E2AE54FFB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A7D34460-61F2-4D2F-85BD-56EEF7C88DA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{B00788E6-4B3B-4C19-90F9-C76833B3DAB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe 
| "{B017DA7C-F894-4F45-A424-9F0A4C608215}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BA00ED32-C368-4283-B518-DA748C4B254D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D40BFAC1-FCE1-4EFD-A939-EB812CAFC71B}" = protocol=6 | dir=in | app=c:\users\ducabotor\appdata\roaming\dropbox\bin\dropbox.exe | "{E981D195-4192-457C-8B3D-0C29802CAFC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{EB656FB9-5A77-44CA-ADC1-D479B4AD35DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F790F4FD-2B2E-4726-87CD-3462E19F87A1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FABBE79F-C072-4D47-8A78-321E24DC057C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0EB7792D-EFA2-42AB-9A22-F33D9458E974}" = Media Gallery "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{28DB4A00-92CC-481E-5485-12A73F6B88C1}" = ccc-utility64 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{34EB42BE-F4D3-44C1-B28E-9740115DB72C}" = VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}" = VAIO Care "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = 

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"jZip" = jZip
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992

Error - 28.03.2013 14:22:05 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 28.03.2013 14:22:06 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.03.2013 14:22:06 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 28.03.2013 14:22:06 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 28.03.2013 14:22:07 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28.03.2013 14:22:07 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005

Error - 28.03.2013 14:22:07 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

Error - 28.03.2013 14:22:08 | Computer Name = DUCABOTOR-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 08.04.2013 17:01:27 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 17:01:57 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 17:02:27 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 18:59:45 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 19:07:33 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 19:08:03 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 08.04.2013 19:40:59 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 09.04.2013 01:27:25 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MOBK649backup erreicht.

Error - 09.04.2013 01:27:55 | Computer Name = DUCABOTOR-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SampleCollector erreicht.

Error - 09.04.2013 01:28:59 | Computer Name = DUCABOTOR-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.04.2013 um 07:26:55 unerwartet heruntergefahren.

< End of report >
GVU Trojan; laptop cannot be started even in safe mode

OK, next:

Step 1

Please download AdwCleaner and save it to your desktop.

Step 2

Warning for other readers: Combofix should only be run when a team member has explicitly instructed you to do so!

Please download Combofix.

Note: If you get the following error message after the restart Quote:

Step 3

Please start OTL.exe.

Please post in your next reply:
GVU Trojan; laptop cannot be started even in safe mode

Step 1 > AdwCleaner:
# AdwCleaner v2.202 - Datei am 25/04/2013 um 19:09:44 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : DUCABOTOR - DUCABOTOR-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\DUCABOTOR\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\DUCABOTOR\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\DUCABOTOR\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1179 octets] - [25/04/2013 19:09:44]

########## EOF - C:\AdwCleaner[S1].txt - [1239 octets] ##########

Step 2 > Combofix:
Code:
ComboFix 13-04-25.01 - DUCABOTOR 25.04.2013 19:22:42.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6114.4160 [GMT 2:00]
ausgeführt von:: c:\users\DUCABOTOR\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\B4o3v2on.exe.b
c:\users\DUCABOTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0E645A15-1317-4605-B758-CAAAEB2C572D}.xps
c:\users\DUCABOTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2771AFDB-0E65-4BFE-B804-5B3390CB1752}.xps
c:\users\DUCABOTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7011288-4924-4329-AA45-2B3277961F45}.xps
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-25 bis 2013-04-25 ))))))))))))))))))))))))))))))
.
.
2013-04-25 17:27 . 2013-04-25 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 10:30 . 2013-04-25 10:30 -------- d-----w- C:\FRST
2013-04-24 08:15 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 19:55 . 2013-04-13 19:55 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter
2013-04-13 18:24 . 2013-04-13 18:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-13 18:24 . 2013-04-13 18:25 -------- d-----w- c:\program files\iTunes
2013-04-13 18:24 . 2013-04-13 18:25 -------- d-----w- c:\program files (x86)\iTunes
2013-04-13 18:24 . 2013-04-13 18:24 -------- d-----w- c:\program files\iPod
2013-04-10 01:00 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-04-10 01:00 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-10 01:00 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-09 19:20 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 19:20 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-09 19:20 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-09 19:20 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-09 19:20 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-09 19:20 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-09 19:20 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 19:20 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-09 19:19 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 19:19 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-09 19:19 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-09 19:19 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 19:19 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-09 19:19 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-07 17:13 . 2013-04-07 17:29 -------- d-----w- C:\DCMI Videos
2013-04-04 11:40 . 2009-12-08 22:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2013-04-04 11:40 . 2009-10-15 22:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2013-04-04 11:40 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2013-04-04 11:40 . 2013-04-04 11:40 -------- d-----w- c:\program files (x86)\epson
2013-04-02 14:45 . 2013-04-02 14:45 -------- d-----w- c:\users\DUCABOTOR\Bodenmatte 150x215
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 02:02 . 2013-03-17 02:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-17 02:02 . 2013-03-17 02:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-17 02:02 . 2013-03-17 02:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-17 02:02 . 2013-03-17 02:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-17 02:02 . 2013-03-17 02:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-17 02:02 . 2013-03-17 02:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-17 02:02 . 2013-03-17 02:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-17 02:02 . 2013-03-17 02:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-17 02:02 . 2013-03-17 02:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-17 02:02 . 2013-03-17 02:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-17 02:02 . 2013-03-17 02:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-17 02:02 . 2013-03-17 02:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-17 02:02 . 2013-03-17 02:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-17 02:02 . 2013-03-17 02:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-17 02:02 . 2013-03-17 02:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-17 02:02 . 2013-03-17 02:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-17 02:02 . 2013-03-17 02:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-17 02:02 . 2013-03-17 02:02 441856 ----a-w- c:\windows\system32\html.iec
2013-03-17 02:02 . 2013-03-17 02:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-17 02:02 . 2013-03-17 02:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-17 02:02 . 2013-03-17 02:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-17 02:02 . 2013-03-17 02:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-17 02:02 . 2013-03-17 02:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-17 02:02 .
2013-03-17 02:02 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-17 02:02 . 2013-03-17 02:02 235008 ----a-w- c:\windows\system32\url.dll 2013-03-17 02:02 . 2013-03-17 02:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-17 02:02 . 2013-03-17 02:02 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-17 02:02 . 2013-03-17 02:02 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-17 02:02 . 2013-03-17 02:02 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-17 02:02 . 2013-03-17 02:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-17 02:02 . 2013-03-17 02:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-17 02:02 . 2013-03-17 02:02 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-17 02:02 . 2013-03-17 02:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-17 02:02 . 2013-03-17 02:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-17 02:02 . 2013-03-17 02:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-17 02:02 . 2013-03-17 02:02 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-17 02:02 . 2013-03-17 02:02 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-17 02:02 . 2013-03-17 02:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-17 02:02 . 2013-03-17 02:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-17 02:02 . 2013-03-17 02:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-17 02:02 . 2013-03-17 02:02 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-17 02:02 . 2013-03-17 02:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-17 02:02 . 2013-03-17 02:02 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-17 02:02 . 2013-03-17 02:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-17 02:02 . 2013-03-17 02:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-17 02:02 . 2013-03-17 02:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-17 02:02 . 
2013-03-17 02:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-17 02:02 . 2013-03-17 02:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-17 02:02 . 2013-03-17 02:02 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-13 02:00 . 2012-04-26 06:30 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 02:00 . 2012-04-26 06:30 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-19 12:59 . 2011-08-15 08:00 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-02-19 12:56 . 2011-08-15 08:00 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-02-19 12:56 . 2012-04-26 06:12 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-02-19 12:55 . 2012-04-26 06:13 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-02-19 12:55 . 2011-08-15 08:00 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-02-19 12:54 . 2011-08-15 08:00 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-02-19 12:53 . 2011-08-15 08:00 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-02-19 12:53 . 2011-08-15 08:00 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-02-19 12:52 . 2011-08-15 08:00 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-02-12 05:45 . 2013-03-12 20:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-12 20:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-12 20:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-12 20:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-12 20:29 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-12 20:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-14 22:03 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-08 20:42 220632 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-08 20:42 220632 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-08 20:42 220632 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_50C8AB55EDB8CD3DA3E7A9C2D26F30E8"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE" [2011-04-24 239488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-17 343168] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-02-20 75048] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBK649stat.exe [2011-4-18 5077304] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/26 08:36;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-01-19 248304] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-01-19 167584] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-01-19 280992] R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-01-19 421664] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560] R3 DCDhcpService;DCDhcpService;c:\program 
files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-09 340072] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program 
files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216] S1 MOBK649Filter;MOBK649Filter;c:\windows\system32\DRIVERS\MOBK649.sys [2011-04-18 66040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-16 235520] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-09 2429544] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core 
Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752] S2 MOBK649backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK649backup.exe [2011-04-18 223544] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-01-19 158880] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-04-16 95248] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-01-19 30368] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 787736] S3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-09 565352] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_9EC60124 *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 19:52 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 02:00] . 2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 14:10] . 2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 14:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-08 20:42 244696 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-08 20:42 244696 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-08 20:42 244696 ----a-w- c:\users\DUCABOTOR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\DUCABOTOR\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK649] @="{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}" [HKEY_CLASSES_ROOT\CLSID\{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}] 2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6492] @="{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}" [HKEY_CLASSES_ROOT\CLSID\{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}] 2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6493] @="{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}" [HKEY_CLASSES_ROOT\CLSID\{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}] 2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-27 1158248] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\DUCABOTOR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-25 19:29:31
ComboFix-quarantined-files.txt 2013-04-25 17:29
.
Vor Suchlauf: 12 Verzeichnis(se), 636.334.243.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 636.635.746.304 Bytes frei
.
- - End Of File - - DC66FC0CC769F45BEEF222C149FA83F0

Step 3 > OTL: Code:
OTL logfile created on: 25.04.2013 19:40:58 - Run 2
OTL by OldTimer - Version Folder = C:\Users\DUCABOTOR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,97 Gb Total Physical Memory | 4,32 Gb Available Physical Memory | 72,41% Memory free
11,94 Gb Paging File | 9,93 Gb Available in Paging File | 83,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677,36 Gb Total Space | 593,01 Gb Free Space | 87,55% Space Free | Partition Type: NTFS

Computer Name: DUCABOTOR-VAIO | User Name: DUCABOTOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.25 13:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.)
-- C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.07 18:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2012.02.27 09:34:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.02.21 12:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2012.02.20 06:01:33 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.01.19 13:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.11.30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 
000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 04:26:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.13 17:08:15 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.01.13 17:08:15 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.01.13 16:52:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.13 16:52:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.13 16:52:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.13 16:52:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.13 16:52:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.13 16:52:01 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.13 16:51:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.08.27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.04.26 08:38:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2012.04.16 08:44:49 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.11.30 18:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.03.13 04:00:46 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.03.26 09:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2012.03.21 17:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) 
[On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV - [2012.03.07 18:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2012.02.21 12:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.02.09 09:43:45 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.20 15:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.01.19 13:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2012.01.19 13:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program 
Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.01.19 11:40:56 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.01.10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2012.01.06 16:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2012.01.06 16:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.12.29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.12.21 13:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.12.21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.12.01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common 
Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.04.18 22:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.01.28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.04.20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.04.16 08:49:00 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.16 08:45:19 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.16 08:45:15 | 010,729,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2012.03.15 04:42:06 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 09:34:27 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 09:34:19 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 09:34:16 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.21 23:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.02.16 16:14:57 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.02.09 09:43:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.02.09 07:34:36 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.01.19 13:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.01.19 13:31:02 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP) DRV:64bit: - [2012.01.19 13:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.01.19 13:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.01.19 13:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.01.19 13:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.01.19 13:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.01.19 13:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.01.16 11:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.04.18 22:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) 
[File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\..\SearchScopes\{0820323B-DA0D-4202-8D8B-7943B4E089FC}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.02 23:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.09 05:41:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.02 13:52:15 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files 
(x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: SiteAdvisor = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\\ CHR - Extension: Google Mail = 
C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.04.25 19:27:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20121101161802.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121101161803.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX935FWD" File not found O4 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000..\Run: [GoogleChromeAutoLaunch_50C8AB55EDB8CD3DA3E7A9C2D26F30E8] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - Startup: C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3632474297-1850393708-2787934250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DUCABOTOR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\DUCABOTOR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files 
(x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1859898F-10CA-4512-A16C-CCE4EF7B84BB}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9FA5206-9FBF-480D-B122-2D313B480991}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E36893A6-B552-4374-8839-FF07021ED5F4}: DhcpNameServer = O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.25 19:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.04.25 19:29:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.25 19:21:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.25 19:21:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.25 19:21:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.25 19:18:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.25 19:17:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.25 19:13:54 | 005,059,017 | R--- | C] (Swearware) -- C:\Users\DUCABOTOR\Desktop\ComboFix.exe 
[2013.04.25 13:33:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe [2013.04.25 12:30:16 | 000,000,000 | ---D | C] -- C:\FRST [2013.04.13 21:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter [2013.04.13 21:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter [2013.04.13 21:51:24 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Desktop\W&W Mainstage [2013.04.13 21:29:20 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Desktop\Hardwell On Air 2013 [2013.04.13 20:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.13 20:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.13 20:20:57 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.04.07 19:13:54 | 000,000,000 | ---D | C] -- C:\DCMI Videos [2013.04.04 13:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2013.04.02 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\DUCABOTOR\Bodenmatte 150x215 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.25 19:45:35 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.25 19:45:35 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.25 19:45:15 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.25 19:45:15 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.25 19:45:15 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat 
[2013.04.25 19:45:15 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.25 19:45:15 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.25 19:38:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.25 19:37:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.25 19:37:52 | 513,560,575 | -HS- | M] () -- C:\hiberfil.sys [2013.04.25 19:27:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.25 19:14:00 | 005,059,017 | R--- | M] (Swearware) -- C:\Users\DUCABOTOR\Desktop\ComboFix.exe [2013.04.25 19:08:12 | 000,619,461 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\adwcleaner.exe [2013.04.25 19:00:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.25 13:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.25 13:33:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DUCABOTOR\Desktop\OTL.exe [2013.04.23 12:11:40 | 000,002,072 | ---- | M] () -- C:\Windows\MOBK649.blk [2013.04.23 12:11:40 | 000,000,314 | ---- | M] () -- C:\Windows\MOBK649.flt [2013.04.13 21:55:14 | 000,001,155 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk [2013.04.13 21:55:14 | 000,001,150 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk [2013.04.13 20:25:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.10 03:19:01 | 000,373,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.04 23:38:17 | 000,084,187 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Energiebedarf - 04.04.2013.JPG [2013.04.04 19:14:05 | 000,001,059 | ---- | M] () -- C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.04 19:14:00 | 000,001,035 | ---- | M] () -- C:\Users\DUCABOTOR\Desktop\Dropbox.lnk [2013.04.04 13:40:39 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk 
[2013.04.04 13:35:22 | 004,075,047 | ---- | M] () -- C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pdf [2013.04.01 19:51:17 | 000,211,354 | ---- | M] () -- C:\Users\DUCABOTOR\formular_pdf (1).pdf [2013.04.01 19:49:31 | 000,211,354 | ---- | M] () -- C:\Users\DUCABOTOR\formular_pdf.pdf [2013.04.01 19:45:29 | 000,186,458 | ---- | M] () -- C:\Users\DUCABOTOR\Hardwell 27.04.2013.pdf [2013.04.01 19:25:44 | 000,113,027 | ---- | M] () -- C:\Users\DUCABOTOR\Check In.JPG [2013.03.29 19:57:09 | 000,492,002 | ---- | M] () -- C:\Users\DUCABOTOR\Eticket-FN6691-158697-1.pdf [2013.03.28 19:29:46 | 000,617,080 | ---- | M] () -- C:\Users\DUCABOTOR\Eticket-RF3580-158697-4.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.25 19:21:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.25 19:21:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.25 19:21:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.25 19:21:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.25 19:21:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.25 19:08:07 | 000,619,461 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\adwcleaner.exe [2013.04.13 21:55:14 | 000,001,155 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\Free M4a to MP3 Converter.lnk [2013.04.13 21:55:14 | 000,001,150 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\My Music Tools.lnk [2013.04.13 20:25:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.04 23:38:17 | 000,084,187 | ---- | C] () -- C:\Users\DUCABOTOR\Desktop\Energiebedarf - 04.04.2013.JPG [2013.04.04 13:40:39 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2013.04.04 13:35:19 | 004,075,047 | ---- | C] () -- C:\Users\Public\Documents\Zeit und Selbstmanagement 03.04.2013.pdf [2013.04.01 19:51:17 | 000,211,354 | ---- | C] () -- C:\Users\DUCABOTOR\formular_pdf (1).pdf [2013.04.01 19:49:30 | 000,211,354 | ---- 
| C] () -- C:\Users\DUCABOTOR\formular_pdf.pdf [2013.04.01 19:45:28 | 000,186,458 | ---- | C] () -- C:\Users\DUCABOTOR\Hardwell 27.04.2013.pdf [2013.04.01 19:25:44 | 000,113,027 | ---- | C] () -- C:\Users\DUCABOTOR\Check In.JPG [2013.03.29 19:57:09 | 000,492,002 | ---- | C] () -- C:\Users\DUCABOTOR\Eticket-FN6691-158697-1.pdf [2013.03.28 19:29:45 | 000,617,080 | ---- | C] () -- C:\Users\DUCABOTOR\Eticket-RF3580-158697-4.pdf [2013.03.19 19:46:12 | 004,198,150 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08867.JPG [2013.03.19 19:45:06 | 005,734,400 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08865.JPG [2013.03.19 19:44:36 | 004,751,360 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08864.JPG [2013.03.19 19:44:24 | 007,143,424 | ---- | C] () -- C:\Users\DUCABOTOR\DSC08863.JPG [2013.03.16 23:13:37 | 035,708,021 | ---- | C] () -- C:\Users\DUCABOTOR\Tomorrowland 2013 Warm Up Mix. Tiësto, Sander Van Doorn, Dimitri Vegas & Like Mike.mp3 [2013.03.16 23:13:37 | 013,684,764 | ---- | C] () -- C:\Users\DUCABOTOR\Deorro & duvoh - Black (Original Mix).mp3 [2013.03.16 23:13:37 | 013,290,308 | ---- | C] () -- C:\Users\DUCABOTOR\3971172_Amazing_Ft__Chipper_Original_Mix.mp3 [2013.03.16 23:13:37 | 009,866,989 | ---- | C] () -- C:\Users\DUCABOTOR\3995748_Make_Some_Noise_Deorro_Remix.mp3 [2013.03.03 16:20:08 | 000,022,516 | ---- | C] () -- C:\Users\DUCABOTOR\dasd.JPG [2013.02.07 00:08:37 | 000,087,925 | ---- | C] () -- C:\Users\DUCABOTOR\Dropbox.JPG [2013.01.25 00:09:42 | 000,064,068 | ---- | C] () -- C:\Users\DUCABOTOR\wangentreppe_06.jpg [2013.01.11 02:03:02 | 000,144,640 | ---- | C] () -- C:\Users\DUCABOTOR\Amazon.pdf [2012.12.02 19:30:08 | 000,089,011 | ---- | C] () -- C:\Users\DUCABOTOR\Unbenannt.JPG [2012.12.02 17:37:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\0T6o34k.dat [2012.12.02 17:36:58 | 000,000,001 | ---- | C] () -- C:\ProgramData\B4o3v2on.exe_.b [2012.11.29 19:10:00 | 005,285,059 | ---- | C] () -- C:\Users\DUCABOTOR\karten.7z [2012.11.29 19:09:00 | 005,056,610 | ---- | C] () -- 
C:\Users\DUCABOTOR\karten1.7z [2012.11.28 23:25:29 | 000,060,055 | ---- | C] () -- C:\Users\DUCABOTOR\Ausbildungsordnung - Fachkraft für Lagerlogistik.pdf [2012.11.28 23:22:31 | 000,065,249 | ---- | C] () -- C:\Users\DUCABOTOR\Ausbildungsordnung - Kaufmann für Spedition und Logistikdienstleistungen.pdf [2012.11.13 02:00:25 | 000,639,383 | ---- | C] () -- C:\Users\DUCABOTOR\Arbeitszeugnis SLG 2005-2012.pdf [2012.11.13 01:59:41 | 000,570,549 | ---- | C] () -- C:\Users\DUCABOTOR\Kopie Arbeitsvertrag Autovision 2012.pdf [2012.11.13 01:58:43 | 000,319,161 | ---- | C] () -- C:\Users\DUCABOTOR\Abschlusszeugnis BBS3 BS 2008.pdf [2012.11.13 01:57:32 | 000,281,363 | ---- | C] () -- C:\Users\DUCABOTOR\Prüfungszeugnis IHK 2008.pdf [2012.09.15 00:18:47 | 094,729,269 | ---- | C] () -- C:\Users\DUCABOTOR\48 TOTC 2012.02 Mix, Pt. 3.mp3 [2012.09.15 00:18:25 | 085,918,690 | ---- | C] () -- C:\Users\DUCABOTOR\47 TOTC 2012.02 Mix, Pt. 2.mp3 [2012.09.15 00:18:02 | 084,831,474 | ---- | C] () -- C:\Users\DUCABOTOR\46 TOTC 2012.02 Mix, Pt. 
1.mp3 [2012.04.26 09:46:57 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.04.26 08:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.16 09:11:19 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.16 09:11:19 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.16 09:11:19 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.02.02 21:29:52 | 000,066,688 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.02.02 21:29:48 | 000,061,568 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.25 19:38:33 | 000,000,000 | ---D | M] -- C:\Users\DUCABOTOR\AppData\Roaming\Dropbox [2012.12.28 21:09:21 | 000,000,000 | ---D | M] -- C:\Users\DUCABOTOR\AppData\Roaming\DVDVideoSoft [2012.11.02 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\DUCABOTOR\AppData\Roaming\Sony [2012.12.28 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\DUCABOTOR\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > |
GVU Trojan; laptop won't start in safe mode either

Hi,

How is the computer running now?

Step 1
:OTL
[2012.12.02 17:37:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\0T6o34k.dat
[2012.12.02 17:36:58 | 000,000,001 | ---- | C] () -- C:\ProgramData\B4o3v2on.exe_.b
:commands
[emptytemp]
Step 2
Step 3 Download the setup of the ESET Online Scanner and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
In your next reply, please post:
GVU Trojan; laptop won't start in safe mode either

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the topic has been resolved and will delete it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible.
GVU Trojan; laptop won't start in safe mode either

No response
This topic has been deleted from my subscriptions. I will therefore no longer receive notifications about new replies.
Send me a PM if you do want to continue the topic after all. Then we'll carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please read this guide and create your own thread.
GVU Trojan; laptop won't start in safe mode either

Hello,

Unfortunately, the problem is back again.

I have now run a scan with the Farbar scanner:

Please help.

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2013 (ATTENTION: FRST version is 60 days old) Ran by DUCABOTOR (administrator) on 23-06-2013 19:45:23 Running from D:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Minimal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) [1084] C:\Windows\system32\ctfmon.exe (Farbar) [1524] D:\FRST64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO [1158248 2012-02-27] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [1016992 2012-01-19] (Atheros Communications) HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [800416 2012-01-19] (Atheros Commnucations) HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-03-15] (Synaptics Incorporated) HKCU\...\Run: [GoogleChromeAutoLaunch_50C8AB55EDB8CD3DA3E7A9C2D26F30E8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-05-29] (Google Inc.) HKCU\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX935FWD" [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKCU\...\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX935FWD" [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\tjeofo.dat,XFG00 [260608 2013-06-23] (ggggggggggggggggggggggggggg) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-18] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-02-20] (cyberlink) HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk ShortcutTarget: McAfee Online Backup Status.lnk -> C:\Program Files (x86)\McAfee Online Backup\MOBK649stat.exe (McAfee, Inc.) Startup: C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\DUCABOTOR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\tjeofo.dat (ggggggggggggggggggggggggggg) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0820323B-DA0D-4202-8D8B-7943B4E089FC} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121101161802.dll (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: [verify-U]_Add-on - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121101161803.dll (McAfee, Inc.) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: [verify-U]_Add-on - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [36352] (Microsoft Corporation) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) Winsock: Catalog5-x64 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.) 
Tcpip\Parameters: [DhcpNameServer] Chrome: ======= CHR HomePage: "homepage": "", CHR RestoreOnStartup: https://www.google.de/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Java Deployment Toolkit - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (YouTube) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (SiteAdvisor) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\ CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\ CHR Extension: (Gmail) - C:\Users\DUCABOTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files 
(x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2012-01-19] (CyberLink) S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) S2 MOBK649backup; C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe [223544 2011-04-18] (McAfee, Inc.) 
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation) S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) ==================== Drivers (Whitelisted) ==================== S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-01-19] (Atheros) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S1 MOBK649Filter; C:\Windows\System32\DRIVERS\MOBK649.sys [66040 2011-04-18] (Mozy, Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\oir2in.pad 2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\ofoejt.pad 2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\tjeofo.dat 2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\ni2rio.dat 2013-06-23 19:26 - 2013-06-23 19:26 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe 2013-06-23 19:26 - 2013-06-23 19:26 - 00002681 ____A C:ProgramData\ofoejt.js 2013-06-23 19:26 - 2013-06-23 19:26 - 00001007 ____A C:ProgramData\sdaksda.txt 2013-06-23 19:26 - 2013-06-23 19:26 - 00000152 ____A C:ProgramData\ofoejt.reg 2013-06-23 19:26 - 2013-06-23 19:26 - 00000057 ____A C:ProgramData\ofoejt.bat 2013-06-23 19:26 - 2013-06-23 19:26 - 00000000 ____A C:ProgramData\g252qs.txt 2013-06-17 20:49 - 2013-06-17 20:49 - 00995688 ____A C:\Users\DUCABOTOR\Downloads\[verify-U]_AVS_IE_Add-on_1.0.0.3.exe 2013-06-17 20:49 - 2013-06-17 20:49 - 00000000 ____D C:\Program Files\[verify-U]_AVS_IE_Add-on 2013-06-17 20:49 - 2013-06-17 20:49 - 00000000 ____D C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on 2013-06-16 03:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtml.tlb 2013-06-16 03:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 03:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-14 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-14 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-14 03:01 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-14 03:01 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-14 03:01 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-14 03:01 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 
2013-06-14 03:01 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-14 03:01 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-14 03:01 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-14 03:01 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-14 03:01 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-14 03:01 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-14 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-13 15:10 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 15:10 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-13 15:10 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-13 15:09 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 15:09 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 15:09 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 15:09 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-13 15:09 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 15:09 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-13 15:09 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 15:09 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 
2013-06-13 15:09 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 15:09 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-13 15:09 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-13 15:09 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-13 15:09 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-13 15:09 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-13 15:08 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-13 15:08 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-05 00:06 - 2013-06-05 00:58 - 00027515 ____A C:\Users\DUCABOTOR\Desktop\Logistik Werk 3.xlsm 2013-06-01 12:30 - 2013-06-01 12:31 - 00013050 ____A C:\Users\DUCABOTOR\Documents\Mappe1.xlsm 2013-06-01 01:02 - 2013-06-01 01:07 - 00013969 ____A C:\Users\DUCABOTOR\Documents\test.xlsm 2013-05-29 00:06 - 2013-05-29 00:39 - 00031232 ____A C:\Users\DUCABOTOR\Desktop\Lebenslauf 28052013_neu.xls ==================== One Month Modified Files and Folders ======= 2013-06-23 19:27 - 2013-06-23 19:26 - 95023320 ___AT C:ProgramData\oir2in.pad 2013-06-23 19:27 - 2013-06-23 19:26 - 95023320 ___AT C:ProgramData\ofoejt.pad 2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\tjeofo.dat 2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\ni2rio.dat 2013-06-23 19:26 - 2013-06-23 19:26 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe 2013-06-23 19:26 - 2013-06-23 19:26 - 00002681 ____A C:ProgramData\ofoejt.js 2013-06-23 19:26 - 2013-06-23 19:26 - 00001007 ____A C:ProgramData\sdaksda.txt 2013-06-23 19:26 - 
2013-06-23 19:26 - 00000152 ____A C:ProgramData\ofoejt.reg 2013-06-23 19:26 - 2013-06-23 19:26 - 00000057 ____A C:ProgramData\ofoejt.bat 2013-06-23 19:26 - 2013-06-23 19:26 - 00000000 ____A C:ProgramData\g252qs.txt 2013-06-23 19:19 - 2012-11-02 18:48 - 00000000 ____D C:\Users\DUCABOTOR\Documents\Outlook-Dateien 2013-06-23 19:14 - 2012-04-26 07:49 - 01549734 ____A C:\Windows\WindowsUpdate.log 2013-06-23 19:09 - 2012-11-01 16:10 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-23 18:50 - 2012-04-26 08:30 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-23 18:44 - 2012-04-26 08:40 - 00696870 ____A C:\Windows\System32\perfh007.dat 2013-06-23 18:44 - 2012-04-26 08:40 - 00148134 ____A C:\Windows\System32\perfc007.dat 2013-06-23 18:44 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-23 18:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-23 16:30 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-23 03:04 - 2011-02-11 01:03 - 01590378 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-23 03:00 - 2012-11-01 16:10 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-22 22:43 - 2009-07-14 06:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-22 22:43 - 2009-07-14 06:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-22 22:38 - 2011-04-18 22:00 - 00002148 ____A C:\Windows\MOBK649.blk 2013-06-22 22:38 - 2011-04-18 22:00 - 00000314 ____A C:\Windows\MOBK649.flt 2013-06-22 22:37 - 2012-11-19 23:20 - 00000000 ____D C:\Users\DUCABOTOR\AppData\Roaming\Dropbox 2013-06-22 22:36 - 2012-11-19 23:24 - 00000000 ___RD C:\Users\DUCABOTOR\Dropbox 2013-06-22 22:33 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-22 22:33 - 2009-07-14 06:51 - 00048875 ____A 
C:\Windows\setupact.log 2013-06-17 20:55 - 2012-11-19 23:24 - 00001035 ____A C:\Users\DUCABOTOR\Desktop\Dropbox.lnk 2013-06-17 20:49 - 2013-06-17 20:49 - 00995688 ____A C:\Users\DUCABOTOR\Downloads\[verify-U]_AVS_IE_Add-on_1.0.0.3.exe 2013-06-17 20:49 - 2013-06-17 20:49 - 00000000 ____D C:\Program Files\[verify-U]_AVS_IE_Add-on 2013-06-17 20:49 - 2013-06-17 20:49 - 00000000 ____D C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on 2013-06-16 11:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-16 03:20 - 2012-04-26 08:11 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-06-14 03:19 - 2010-11-21 05:47 - 00336554 ____A C:\Windows\PFRO.log 2013-06-13 18:47 - 2012-04-26 08:30 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-13 18:47 - 2012-04-26 08:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-08 16:08 - 2013-06-16 03:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 03:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 03:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 03:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 03:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 03:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 03:01 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 03:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 03:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 
13:40 - 2013-06-16 03:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 03:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-05 00:58 - 2013-06-05 00:06 - 00027515 ____A C:\Users\DUCABOTOR\Desktop\Logistik Werk 3.xlsm 2013-06-03 21:39 - 2012-11-02 18:37 - 00000000 ____D C:\Users\DUCABOTOR\AppData\Local\Microsoft Help 2013-06-01 12:31 - 2013-06-01 12:30 - 00013050 ____A C:\Users\DUCABOTOR\Documents\Mappe1.xlsm 2013-06-01 01:07 - 2013-06-01 01:02 - 00013969 ____A C:\Users\DUCABOTOR\Documents\test.xlsm 2013-05-29 00:39 - 2013-05-29 00:06 - 00031232 ____A C:\Users\DUCABOTOR\Desktop\Lebenslauf 28052013_neu.xls 2013-05-28 21:38 - 2013-01-10 21:53 - 00000000 ____D C:\Users\DUCABOTOR\Alex ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-06-16 03:49 ==================== End Of Log ============================ --- --- --- |
GVU Trojan; laptop won't start in safe mode either

Hi,

I don't want to moralize, but allow me one more remark. We don't post notices like these for nothing:
Does the computer start again after this fix? On a second computer, please press the ![]() Now copy the following text from the code box into the empty text document: Code:
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\tjeofo.dat,XFG00 [260608 2013-06-23] (ggggggggggggggggggggggggggg)
C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\oir2in.pad
2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\ofoejt.pad
2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\tjeofo.dat
2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\ni2rio.dat
2013-06-23 19:26 - 2013-06-23 19:26 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00002681 ____A C:ProgramData\ofoejt.js
2013-06-23 19:26 - 2013-06-23 19:26 - 00001007 ____A C:ProgramData\sdaksda.txt
2013-06-23 19:26 - 2013-06-23 19:26 - 00000152 ____A C:ProgramData\ofoejt.reg
2013-06-23 19:26 - 2013-06-23 19:26 - 00000057 ____A C:ProgramData\ofoejt.bat
2013-06-23 19:26 - 2013-06-23 19:26 - 00000000 ____A C:ProgramData\g252qs.txt

__________________
cheers, Leo
GVU Trojan; laptop won't start in safe mode either

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I'll assume the matter is settled and remove it from my subscriptions.

Note: We are not done yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a renewed infection possible.
GVU Trojan; laptop won't start in safe mode either

Hi,

attached is the Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2013
Ran by DUCABOTOR at 2013-06-23 20:54:52 Run:2
Running from D:\
Boot Mode: Minimal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe value deleted successfully.
C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\oir2in.pad not found.
2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\ofoejt.pad not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\tjeofo.dat not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\ni2rio.dat not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00002681 ____A C:ProgramData\ofoejt.js not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00001007 ____A C:ProgramData\sdaksda.txt not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00000152 ____A C:ProgramData\ofoejt.reg not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00000057 ____A C:ProgramData\ofoejt.bat not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00000000 ____A C:ProgramData\g252qs.txt not found.
==== End of Fixlog ====
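The outcome lines of a Fixlog like the one above can be tallied mechanically, so that entries the tool did not act on are not overlooked. This is an added example, not part of the thread and not FRST code: the function names and the excerpted sample (line breaks reconstructed) are constructed here, and only the three outcome phrases visible in this Fixlog are recognised. It also flags targets whose drive letter is not followed by a backslash, as in the `C:ProgramData` entries as they appear on this page.

```python
import re
from collections import Counter

# Constructed excerpt of the Fixlog posted above: header, both "successfully"
# entries and three of the ten "not found" entries, one entry per line.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2013
Ran by DUCABOTOR at 2013-06-23 20:54:52 Run:2
Running from D:\
Boot Mode: Minimal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe value deleted successfully.
C:\Users\DUCABOTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
2013-06-23 19:26 - 2013-06-23 19:27 - 95023320 ___AT C:ProgramData\oir2in.pad not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00260608 ____A (ggggggggggggggggggggggggggg) C:ProgramData\tjeofo.dat not found.
2013-06-23 19:26 - 2013-06-23 19:26 - 00044544 ____A (Microsoft Corporation) C:ProgramData\rundll32.exe not found.
==== End of Fixlog ====
"""

# Outcome phrases seen in this Fixlog only; anything else is "unrecognised".
OUTCOMES = (
    ("value deleted successfully.", "removed"),
    ("moved successfully.", "removed"),
    ("not found.", "not_found"),
)

# Prefix that scan-log file lines carry when pasted into a fixlist:
# "created - modified - size attributes (company) ".
SCAN_PREFIX = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ [_A-Z]+ (?:\([^)]*\) )?"
)
# Drive letter and colon that are NOT followed by a path separator.
DRIVE_NO_SEP = re.compile(r"^[A-Za-z]:(?![\\/])")


def fixlog_body(text):
    """Return the entry lines between the '====' rule and the end marker."""
    lines = [line.strip() for line in text.splitlines()]
    start = next((i + 1 for i, l in enumerate(lines) if l and set(l) == {"="}), 0)
    body = []
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            body.append(line)
    return body


def parse_fixlog(text):
    """Split each entry into target, outcome and a malformed-path flag."""
    entries = []
    for line in fixlog_body(text):
        for suffix, status in OUTCOMES:
            if line.endswith(suffix):
                target = line[: -len(suffix)].rstrip()
                break
        else:
            target, status = line, "unrecognised"
        target = SCAN_PREFIX.sub("", target)
        entries.append({
            "target": target,
            "status": status,
            "malformed_path": bool(DRIVE_NO_SEP.match(target)),
        })
    return entries


def summarise(entries):
    """Count outcomes and list every target that was not reported as removed."""
    counts = Counter(e["status"] for e in entries)
    follow_up = [e["target"] for e in entries if e["status"] != "removed"]
    return counts, follow_up


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    counts, follow_up = summarise(parsed)
    print(dict(counts))
    for entry in parsed:
        note = "  <- drive letter without backslash" if entry["malformed_path"] else ""
        print(f'{entry["status"]:>12}  {entry["target"]}{note}')
```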
GVU Trojan; laptop won't start in safe mode either

And is the lock screen gone?
__________________
cheers, Leo
GVU Trojan; laptop won't start in safe mode either

Hi,

yes, the lock screen is gone
GVU Trojan; laptop won't start in safe mode either

Then move frst64.exe from the USB stick to the desktop.
__________________
cheers, Leo
