
Log analysis and evaluation: Win7 Action Center: Removing the Win32/Small.CA virus


 
13.05.2013, 15:49   #1
Friedolin
 



Dear members of the Trojaner-Board,

please help me determine whether my computer is infected (and, if so, treat the infection). I happened to stumble across this message in the Action Center: "Entfernen des Win32/Small.CA-Virus von Ihrem PC" ("Remove the Win32/Small.CA virus from your PC"), similar to what user schnipschap saw. I had not noticed any signs of a virus infection beforehand, and neither had my protection software SOPHOS.

I then ran thorough scans with the following programs, all without a single positive finding:
  • Sophos
  • Microsoft Safety Scanner (freshly downloaded)
  • Malwarebytes Anti Malware

I also followed the steps suggested here; everything ran through without interruption. However, it was not clear to me whether defrogger was supposed to stay open during the other scans - I had closed it after it completed successfully.

Thank you in advance for your help!


The logs follow:

OTL
Code:
OTL logfile created on: 13.05.2013 13:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\knuts\Desktop\Neuer Ordner (3)
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 44,35% Memory free
5,95 Gb Paging File | 4,46 Gb Available in Paging File | 75,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,02 Gb Total Space | 15,29 Gb Free Space | 30,56% Space Free | Partition Type: NTFS
Drive D: | 182,76 Gb Total Space | 54,75 Gb Free Space | 29,95% Space Free | Partition Type: NTFS
Drive F: | 479,44 Mb Total Space | 442,53 Mb Free Space | 92,30% Space Free | Partition Type: FAT
Drive G: | 60,97 Mb Total Space | 60,96 Mb Free Space | 99,99% Space Free | Partition Type: FAT
 
Computer Name: KNUTS_T61 | User Name: knuts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 13:28:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\knuts\Desktop\Neuer Ordner (3)\OTL.exe
PRC - [2013.04.05 02:56:19 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.03.21 17:08:16 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.13 15:17:33 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.13 15:17:32 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\SOPHOS\AutoUpdate\ALMon.exe
PRC - [2013.02.13 15:16:24 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.02.11 15:49:54 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
PRC - [2012.08.14 03:32:02 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.05 02:56:21 | 002,243,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.04.05 02:56:21 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.04.05 02:56:20 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012.11.21 07:26:34 | 000,008,704 | ---- | M] () -- D:\THUNDERBIRD MAILS\9h8xw68a.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012.10.13 17:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.15 17:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2007.06.01 02:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2006.11.27 17:45:16 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV - [2013.05.12 12:53:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.12 11:33:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.21 17:08:16 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.13 15:17:33 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.13 15:16:24 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.02.11 15:49:54 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.02.11 15:49:15 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.17 19:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.08.14 03:32:02 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.07.12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.11 15:51:16 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2013.01.23 07:43:35 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.01.21 05:14:21 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.10.17 19:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.10.17 19:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.08.14 03:33:07 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.08.14 03:30:05 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.07.05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.06.18 13:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 13:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.09.23 12:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.09.03 20:14:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.09.03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.09.03 19:37:02 | 000,067,072 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007.06.01 02:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2006.12.21 13:33:28 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006.12.21 13:30:50 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006.12.21 13:29:48 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006.11.27 17:45:06 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2006.06.18 15:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.liberation.fr/"
FF - prefs.js..extensions.enabledAddons: last-tab-close-button%40victor.sacharin:0.3.7
FF - prefs.js..extensions.enabledAddons: searchimdb%40sogame.cat:1.2.0
FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/64ebc8218c9ec0164e09b04b792e3540/proxy.pac"
FF - prefs.js..network.proxy.http: "orion.premiumize.me"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 11:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 11:33:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.05 02:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.11 02:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\Extensions
[2013.05.09 15:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\Firefox\Profiles\h9etqm4k.default-1357563564427\extensions
[2013.03.04 17:34:02 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\knuts\AppData\Roaming\mozilla\Firefox\Profiles\h9etqm4k.default-1357563564427\extensions\addon@freecorder.com
[2013.04.18 21:07:40 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\knuts\AppData\Roaming\mozilla\Firefox\Profiles\h9etqm4k.default-1357563564427\extensions\firefox@ghostery.com
[2013.01.07 17:23:10 | 000,007,834 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\last-tab-close-button@victor.sacharin.xpi
[2013.01.10 19:15:08 | 000,039,326 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\searchimdb@sogame.cat.xpi
[2013.05.08 00:50:23 | 000,350,501 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.04.13 14:50:31 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013.05.07 00:32:18 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.09 15:34:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.04 17:11:15 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.01.17 00:56:12 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2013.01.07 15:03:45 | 000,005,471 | ---- | M] () -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\searchplugins\googlecom-in-english.xml
[2013.02.04 21:18:37 | 000,001,504 | ---- | M] () -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\searchplugins\imdb.xml
[2013.03.01 09:38:59 | 000,001,330 | ---- | M] () -- C:\Users\knuts\AppData\Roaming\mozilla\firefox\profiles\h9etqm4k.default-1357563564427\searchplugins\wikipedia-en.xml
[2013.04.12 11:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 11:33:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.21 00:00:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.21 00:00:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.21 00:00:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.21 00:00:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.21 00:00:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.21 00:00:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {EEE6C35C-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA257E24-8422-44E4-A53A-F618F3452739}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFCA13F0-1BD4-4CF4-8CE7-84B55BA7A76E}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 13:32:45 | 000,000,000 | ---D | C] -- C:\Users\knuts\Desktop\Neuer Ordner (3)
[2013.05.08 17:33:09 | 000,000,000 | ---D | C] -- C:\Users\knuts\Desktop\Neuer Ordner (2)
[2013.05.06 09:10:26 | 000,000,000 | ---D | C] -- C:\Users\knuts\Desktop\Neuer Ordner
[2013.04.30 09:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.28 19:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.22 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\knuts\Desktop\voicememo
[2013.04.19 10:25:06 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.04.19 10:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[1 C:\Users\knuts\Desktop\*.tmp files -> C:\Users\knuts\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 13:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 12:19:14 | 000,000,000 | ---- | M] () -- C:\Users\knuts\defogger_reenable
[2013.05.13 09:49:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 01:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 01:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 01:14:58 | 2395,705,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.12 20:15:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.05.06 09:26:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.06 09:26:10 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.06 09:26:10 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.06 09:26:10 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.06 09:26:10 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 00:59:01 | 000,365,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.19 10:25:06 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[1 C:\Users\knuts\Desktop\*.tmp files -> C:\Users\knuts\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 12:19:14 | 000,000,000 | ---- | C] () -- C:\Users\knuts\defogger_reenable
[2013.05.12 17:29:10 | 000,590,793 | ---- | C] () -- C:\Users\knuts\Desktop\CIMG0122.JPG
[2013.04.19 10:25:06 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.11 21:14:30 | 000,000,680 | ---- | C] () -- C:\Users\knuts\knuts - Verknüpfung.lnk
[2013.02.08 17:15:01 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.08.14 02:17:28 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.08.12 02:10:31 | 002,050,952 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2012.08.11 04:42:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.07 00:21:48 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\DeepBurner
[2012.11.15 15:50:20 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\e-academy Inc
[2012.08.30 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\Easy Thumbnails
[2013.05.04 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\FileZilla
[2013.05.13 09:49:43 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\foobar2000
[2012.08.23 16:02:40 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\hdbADS
[2012.08.12 03:08:12 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\ImgBurn
[2012.12.17 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\JDownloaderPackages
[2013.02.23 04:08:38 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\phonostar GmbH
[2012.08.11 04:45:13 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\Synaptics
[2013.04.05 01:53:28 | 000,000,000 | ---D | M] -- C:\Users\knuts\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
-----------------
Extras

Code:
OTL Extras logfile created on: 13.05.2013 13:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\knuts\Desktop\Neuer Ordner (3)
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 44,35% Memory free
5,95 Gb Paging File | 4,46 Gb Available in Paging File | 75,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,02 Gb Total Space | 15,29 Gb Free Space | 30,56% Space Free | Partition Type: NTFS
Drive D: | 182,76 Gb Total Space | 54,75 Gb Free Space | 29,95% Space Free | Partition Type: NTFS
Drive F: | 479,44 Mb Total Space | 442,53 Mb Free Space | 92,30% Space Free | Partition Type: FAT
Drive G: | 60,97 Mb Total Space | 60,96 Mb Free Space | 99,99% Space Free | Partition Type: FAT
 
Computer Name: KNUTS_T61 | User Name: knuts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB893E5-9CD7-4492-AF42-2486FEB7547D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D3B5FE3-0AAA-466C-A7B7-469E4665F933}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2474D2A4-B7B9-4C8D-B9CA-706D4F5A3466}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C1C37F6-2B75-444B-8F75-A5CE3F6BF663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3C114313-6988-40E4-A5E0-EDCCCD2F4703}" = rport=445 | protocol=6 | dir=out | app=system | 
"{41A48134-7875-482D-90AE-D8691E5BE10B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{443348D0-E776-4A71-BAC9-6ACE1C88CDAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BCF9363-23AF-4208-BC6C-6C5635A32DE9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{66017456-790A-46A5-9E48-0C35EC33298D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73B342CD-41E8-40B3-AFBA-75203BB31A25}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{909CA039-B45F-4F69-B50D-513ECF180329}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9B2049B2-C7EE-46BD-A66B-0420D50369AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D2FB8ED-79B8-4085-9814-50E5454C5E38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B1F2D540-640D-4853-B81B-EC06C8FD2200}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B478C05F-FCE4-43E7-B5FA-983E608B59E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C1B72353-D145-418F-88B9-3294718FF28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C6397997-A081-4629-AFC5-882137842B2B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF37A211-7EE6-4A07-841C-232A324A5C5B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D64F0960-A142-4997-A144-F4F4C818143B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E08C34C5-7F87-4ED8-B20C-2A3F3B25E100}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2AD55AE-DB26-4D46-BD98-6B9D1BD5AF63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B51A5D-DEE1-4E3C-9D1C-622A627F386C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{0CDAA829-0152-4E10-A51E-A29602D99026}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{109AD964-4166-4E0D-856B-161ED2D78C0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{185859A6-8E48-42F5-ADFA-3249D1BB825B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{366FA693-2F37-4FB3-948B-0B59B23756D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3804ED93-33F2-4E35-9086-D18687B66769}" = protocol=17 | dir=in | app=d:\spielereien\civ_vstream\steamapps\common\sid meier's civilization v\launcher.exe | 
"{462012D9-6A5C-428F-BC92-B270320ECFD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4D7289F8-6A1B-45D3-BFDB-C72755489354}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{5978847B-9E46-43B0-842A-3EA57096CE84}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{5BC36163-0822-4D11-BB3E-856B787DD37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CBC3DC8-75DD-4CA4-8D16-0E69718EFE81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EF023DF-A776-4208-B7F2-E68E34BA87E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{874AEED5-08C8-464E-9140-D9C6E5AD17DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{880E5FCC-1851-405C-8CAD-4485E0E8FB3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{91E94415-D645-4D09-92D7-A7313EDC708F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9B9863BD-7EBE-46EF-8F9E-03FAEDD0B5C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A898450A-C082-4C7F-BCEA-AC69B964B0D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B31C205F-A1E5-49D0-98A1-C970FE48B4A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA06C152-E661-4B02-8594-599070B83428}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpd.exe | 
"{BA42E194-241A-4084-9ADD-E0BE90FD4152}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BF818717-3186-4F8F-9493-79351DA2E6FA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C039AECB-2AF9-490B-BFA6-4246669CC8A7}" = protocol=6 | dir=in | app=d:\spielereien\civ_vstream\steamapps\common\sid meier's civilization v\launcher.exe | 
"{DD42DFCE-59C1-4E8D-81CE-D6FA1C9666DD}" = protocol=6 | dir=out | app=system | 
"{E546050E-B7BA-48CA-AABA-1170F3D586C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E88B53A7-88C6-4CB9-BDD0-72A0BDC5510F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F289530F-963D-40A2-AE9A-8348C5627A5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F3840F6A-F6B4-4312-89A2-155D633E846F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FF4DE679-4506-4EFF-B697-1A7072CB541E}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpd.exe | 
"TCP Query User{33B563AC-1849-46EF-B559-D359EA7405F9}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe | 
"TCP Query User{F3252131-272D-46C8-B897-3EE12779CFC0}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe | 
"UDP Query User{7EAA2CFB-EF49-401D-BCEF-E3FE4798921B}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe | 
"UDP Query User{BA36773D-3805-4457-ADBF-BFCEE3E619B4}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"foobar2000" = foobar2000 v1.1.13
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"HD Tune_is1" = HD Tune 2.55
"ImgBurn" = ImgBurn
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"No23 Recorder" = No23 Recorder
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"JDownloader Packages" = JDownloader Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2013 05:23:29 | Computer Name = knuts_t61 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.05.2013 18:32:19 | Computer Name = knuts_t61 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x1094  Startzeit der fehlerhaften Anwendung: 0x01ce47f159bc4d4e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 cf149212-b69c-11e2-a226-001c25bc1cec
 
Error - 07.05.2013 18:54:01 | Computer Name = knuts_t61 | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 19:21:08 | Computer Name = knuts_t61 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 10.05.2013 09:24:52 | Computer Name = knuts_t61 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.05.2013 06:27:32 | Computer Name = knuts_t61 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc10e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000021cca
ID
 des fehlerhaften Prozesses: 0x200  Startzeit der fehlerhaften Anwendung: 0x01ce4b758600d0b3
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 8dc4d00b-baee-11e2-9155-001c25bc1cec
 
Error - 12.05.2013 06:31:25 | Computer Name = knuts_t61 | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2013 07:18:24 | Computer Name = knuts_t61 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 12.05.2013 19:16:47 | Computer Name = knuts_t61 | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2013 23:37:50 | Computer Name = knuts_t61 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.05.2013 19:15:37 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 5264
Invoked
 Function: CMainThread::initiateConnectionRetry Return Code: -28770294 (0xFE49000A)
Description:
 IPCUTIL_ERROR_NO_GUI 
 
Error - 12.05.2013 19:20:32 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12.05.2013 19:20:32 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12.05.2013 19:20:32 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CTND::ApplyAutomaticVpnPolicy File: .\TND.cpp Line: 539 Invoked
 Function: CIpcUtil::SendApiCommand Return Code: -28770294 (0xFE49000A) Description:
 IPCUTIL_ERROR_NO_GUI 
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::initiateConnectionRetry File: .\MainThread.cpp
Line:
 9081 Invoked Function: CTND::ApplyAutomaticVPNPolicy Return Code: -28770294 (0xFE49000A)
Description:
 IPCUTIL_ERROR_NO_GUI 
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp
Line:
 6606 Invoked Function: CMainThread::initiateConnectionRetry Return Code: -28770294
 (0xFE49000A) Description: IPCUTIL_ERROR_NO_GUI 
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CTND::ApplyAutomaticVpnPolicy File: .\TND.cpp Line: 539 Invoked
 Function: CIpcUtil::SendApiCommand Return Code: -28770294 (0xFE49000A) Description:
 IPCUTIL_ERROR_NO_GUI 
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::initiateConnectionRetry File: .\MainThread.cpp
Line:
 9081 Invoked Function: CTND::ApplyAutomaticVPNPolicy Return Code: -28770294 (0xFE49000A)
Description:
 IPCUTIL_ERROR_NO_GUI 
 
Error - 13.05.2013 03:49:29 | Computer Name = knuts_t61 | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 5264
Invoked
 Function: CMainThread::initiateConnectionRetry Return Code: -28770294 (0xFE49000A)
Description:
 IPCUTIL_ERROR_NO_GUI 
 
[ System Events ]
Error - 28.01.2013 04:46:25 | Computer Name = knuts_t61 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.01.2013 16:05:54 | Computer Name = knuts_t61 | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 28.01.2013 16:05:54 | Computer Name = knuts_t61 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 29.01.2013 15:12:11 | Computer Name = knuts_t61 | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 29.01.2013 15:14:05 | Computer Name = knuts_t61 | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 29.01.2013 15:21:15 | Computer Name = knuts_t61 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 29.01.2013 15:21:15 | Computer Name = knuts_t61 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 29.01.2013 15:35:46 | Computer Name = knuts_t61 | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 29.01.2013 15:35:46 | Computer Name = knuts_t61 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 29.01.2013 15:36:51 | Computer Name = knuts_t61 | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom1 gefunden.
 
 
< End of report >
         
-----------------
gmer_2.1.19163_LOG
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-13 14:49:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS542525K9SA00 rev.BBFOC31P 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\knuts\AppData\Local\Temp\kgroapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                fffff80002ffd000 93 bytes [FF, F3, 48, 83, EC, 40, 8B, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 654                                                                                fffff80002ffd05e 7 bytes {ADD EAX, 0x17b33d; JMP 0x73}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                        0000000077aa23d0 5 bytes JMP 000000016fff00d8
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW                                                              0000000077b1f6c0 8 bytes JMP 000000016fff0110
.text     C:\Windows\Explorer.EXE[1332] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                      000007fefed57490 11 bytes JMP 000007fffdf600d8
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075971465 2 bytes [97, 75]
.text     C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000075971465 2 bytes [97, 75]
.text     C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075971465 2 bytes [97, 75]
.text     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[2860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075971465 2 bytes [97, 75]
.text     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[3000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2
.text     C:\Users\knuts\Desktop\Neuer Ordner (3)\gmer_2.1.19163.exe[956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075971465 2 bytes [97, 75]
.text     C:\Users\knuts\Desktop\Neuer Ordner (3)\gmer_2.1.19163.exe[956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000759714bb 2 bytes [97, 75]
.text     ...                                                                                                                                               * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c26da3fc5                                                                       
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c26da3fc5 (not active ControlSet)                                                   

---- EOF - GMER 2.1 ----
         
-----------------
Malwarebytes - mbam-log-2013-05-13
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
knuts :: KNUTS_T61 [Administrator]

Schutz: Aktiviert

13.05.2013 15:07:16
mbam-log-2013-05-13 (15-07-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360561
Laufzeit: 56 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
-----------------
Excerpt from the Sophos log
Code:
20130513 024606	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\ATServer_2002E2A3.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024606	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\BeeTagg.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024606	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\BTSend_A0000F61.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024606	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\FolderPlay.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\freetype2_1_10.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\GIPSVoiceEngineDLL_2000B080.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\HBServer_2002E2A0.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\LTServer_2002E2A4.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\munduradio.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\NewMunduRadioEngine.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\Nimbuzz.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\NimbuzzWD.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PdfFileList.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\pdflib.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PdfPlus.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\pdfplusuilib.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PersonalBest_20026054.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\recpdf_20000B81.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\registry_certificate_reader_2001F6CB.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SCServer_2002E2A2.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\shazamcore_0x2003027F.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\Shazam_0x20030280.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\skyhost.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeEngine.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeModel.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeUI.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkyWidget.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\snap_selection_2001F6CE.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsMailFolders.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsTextViewer.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsZipper.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsZipperUI.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 024607	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YuccaBrowser.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 074936	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer abgebrochen.
20130513 074937	Die Erkennungsdatenversion 4.89G (Detection Engine 3.43.0) wird verwendet. Diese Version kann 5023313 Objekte erkennen.
20130513 074937	Benutzer (NT-AUTORITÄT\SYSTEM) hat den On-Access-Scan auf diesem Computer gestartet.
20130513 075047	Scan 'Computer scannen' gestartet.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\ATServer_2002E2A3.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\BeeTagg.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\BTSend_A0000F61.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\FolderPlay.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\freetype2_1_10.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\GIPSVoiceEngineDLL_2000B080.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\HBServer_2002E2A0.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\LTServer_2002E2A4.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\munduradio.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082844	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\NewMunduRadioEngine.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\Nimbuzz.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\NimbuzzWD.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PdfFileList.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\pdflib.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PdfPlus.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\pdfplusuilib.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\PersonalBest_20026054.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\recpdf_20000B81.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\registry_certificate_reader_2001F6CB.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SCServer_2002E2A2.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\shazamcore_0x2003027F.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\Shazam_0x20030280.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\skyhost.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeEngine.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeModel.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkypeUI.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\SkyWidget.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\snap_selection_2001F6CE.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsMailFolders.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsTextViewer.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsZipper.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YToolsZipperUI.dll' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 082845	Der Scan von 'D:\Sichern_\HANDY_kopie der sdkarte_012012\sys\bin\YuccaBrowser.exe' führte zu SAV Interface-Fehler 0xa004020f: Unzulässiges Format.
20130513 084423	Scan 'Computer scannen' abgeschlossen.
20130513 084423	Ergebniszusammenfassung für Scan 'Computer scannen':
		Gescannte Objekte: 159573
		Fehler: 33
		Objekte in Quarantäne: 0
		Behandelte Objekte: 0
         

Edited by Friedolin (13.05.2013 at 15:55). Reason: typo

 
