GVU Trojaner, entsperren/entfernen mit Farbar-Programm

ponglenis · 27.06.2013, 17:24

Hallo,

ich habe seit Heute den nervigen GVU-Trojaner auf einem WinVista-Notebook. Ich habe versucht über System-Reset (Zeitpunkt wo alles funktioniert hat) und abgesichertem Modus (auch mit Eingabeaufforderung) das Notebook zu entsperren, scheint die Bastarde (tut mir Leid für die Ausdrucksweise, aber die Zeit die ich jetzt damit verschwenden muss ist mir glaub ich mehr Wert als die 100€ die, die haben wollen) haben eine neue Version rausgebracht wo dieser ''fix'' unmöglich gemacht wird.

Jedenfalls kenne ich euer Forum nicht, bzw. habe ich es grad gefunden und hab auch bei anderen Foren gesehen das, da das Programm ''Farbar Recovery Scan Tool" helfen soll, dies soll aber nur mit einem eigens dafür gemachten Skript funktionieren, so wie ich das verstanden hab.

Ich wäre euch zu tiefen Dank verplichtet wenn Ihr mir genauso wie vielen anderen helfen würdet, dafür habt ihr gleich hier auch den Log vom Scan mit diesem Farbar-Programm.

Vielen Dank!

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by SYSTEM on 27-06-2013 17:44:27
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-08-01] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8429568 2007-08-01] (NVIDIA Corporation)
HKLM\...\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun [647528 2010-04-28] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized [ 2007-07-25] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKU\Mcx1\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Mcx1\...\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [ 2008-11-22] ()
HKU\Mcx1\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [ 2013-02-15] (Valve Corporation)
HKU\Mcx1\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Mcx1\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Mcx1\...\Run: [Facebook Update] "C:\Users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-12] (Facebook Inc.)
HKU\Mcx1\...\Run: [SealOne] "C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe" /FASTRUN [ 2012-12-27] (Seal One AG)
HKU\Mcx1\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [ 2009-05-05] (Acresso Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Osteria\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Osteria\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Osteria\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Osteria\...\Run: [SealOne] "C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe" /FASTRUN [ 2012-12-27] (Seal One AG)
HKU\Osteria\...\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized [ 2007-07-25] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKU\Osteria\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Osteria\tnmg2pkn9k9a1.exe [ 2013-06-27] (NVIDIA Corporation)
HKU\Osteria\...\Command Processor: "C:\Users\Osteria\tnmg2pkn9k9a1.exe" <===== ATTENTION!
Startup: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
ShortcutTarget: Audio Filter.lnk -> C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2009-12-07] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292152 2007-07-05] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation)
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101120 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2007-04-20] (Ricoh)
S3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2007-04-20] (Ricoh)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [90408 2008-06-04] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2008-06-04] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [122024 2008-06-04] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [115368 2008-06-04] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [25768 2008-06-04] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [117544 2008-06-04] (MCCI Corporation)
S3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2006-11-06] (Sony Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2008-11-22] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 TSMPacket; system32\DRIVERS\tsmpkt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 15:44 - 2013-06-27 15:44 - 00000000 ____D C:\FRST
2013-06-27 09:19 - 2013-06-27 09:19 - 01084715 ____A C:\Users\Osteria\AppData\Roaming\2433f433
2013-06-27 09:19 - 2013-06-27 09:19 - 01084673 ____A C:\Users\Osteria\AppData\Local\2433f433
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.exe
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.dll
2013-06-25 11:31 - 2013-06-27 16:14 - 00000000 ____D C:\e4c96dea219e64f8c868cace7c
2013-06-24 12:02 - 2013-06-27 16:26 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Osteria.job
2013-06-24 12:02 - 2013-06-26 12:03 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Osteria.job
2013-06-24 12:02 - 2013-06-26 11:03 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Osteria.job
2013-06-13 12:48 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 12:48 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 12:48 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 12:48 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 12:48 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 12:48 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 12:48 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 12:48 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 12:48 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 12:47 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 12:47 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 12:47 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 12:47 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 12:47 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 12:47 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 12:47 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 12:06 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:06 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:06 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:06 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:06 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:06 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:05 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-27 16:26 - 2013-06-24 12:02 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Osteria.job
2013-06-27 16:26 - 2009-12-25 18:56 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 16:26 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 16:26 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 16:26 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 16:14 - 2013-06-25 11:31 - 00000000 ____D C:\e4c96dea219e64f8c868cace7c
2013-06-27 16:14 - 2009-12-11 14:29 - 00000000 ____D C:\ProgramData\Real
2013-06-27 16:14 - 2009-03-23 21:02 - 00000000 ____D C:\users\Mcx1
2013-06-27 16:14 - 2007-12-18 22:00 - 00000000 ____D C:\users\Osteria
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-06-27 16:14 - 2006-11-02 11:22 - 53477376 ____A C:\Windows\System32\config\software_previous
2013-06-27 16:14 - 2006-11-02 11:22 - 35127296 ____A C:\Windows\System32\config\system_previous
2013-06-27 16:10 - 2006-11-02 11:22 - 45088768 ____A C:\Windows\System32\config\components_previous
2013-06-27 16:09 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-06-27 15:53 - 2007-08-15 13:39 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-27 15:53 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 15:44 - 2013-06-27 15:44 - 00000000 ____D C:\FRST
2013-06-27 14:58 - 2007-12-18 22:00 - 00061440 ____A C:\Users\Osteria\AppData\Roaming\nvModes.001
2013-06-27 14:03 - 2007-12-18 21:46 - 02053016 ____A C:\Windows\WindowsUpdate.log
2013-06-27 09:24 - 2012-07-30 10:24 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 09:19 - 2013-06-27 09:19 - 01084715 ____A C:\Users\Osteria\AppData\Roaming\2433f433
2013-06-27 09:19 - 2013-06-27 09:19 - 01084673 ____A C:\Users\Osteria\AppData\Local\2433f433
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.exe
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.dll
2013-06-27 09:13 - 2009-12-25 18:56 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 08:46 - 2011-11-20 15:14 - 00001146 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
2013-06-26 21:14 - 2006-11-02 11:33 - 00005576 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 12:03 - 2013-06-24 12:02 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Osteria.job
2013-06-26 11:46 - 2011-11-20 15:14 - 00001124 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
2013-06-26 11:03 - 2013-06-24 12:02 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Osteria.job
2013-06-25 11:15 - 2006-11-02 11:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-06-25 11:15 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-06-22 21:09 - 2013-05-08 14:40 - 00003980 ____A C:\Windows\setupact.log
2013-06-21 21:12 - 2007-12-24 06:19 - 00000000 ____D C:\Update
2013-06-16 19:02 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 18:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 12:38 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 12:24 - 2012-07-30 10:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 12:24 - 2011-07-16 23:50 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 12:47 - 2008-03-17 17:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-05 09:01 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Soyhal
2013-06-04 21:21 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Cyru

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-723902195-3043266244-887298501-1000\$d95d36d54d0baff114e4fbf8656ae7d0

Files to move or delete:
====================
C:\Users\Osteria\tnmg2pkn9k9a1.exe
C:\ProgramData\ezsid.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-10 12:32:42
Restore point made on: 2013-06-11 11:04:05
Restore point made on: 2013-06-11 12:58:58
Restore point made on: 2013-06-12 20:29:33
Restore point made on: 2013-06-13 12:34:37
Restore point made on: 2013-06-14 16:12:42
Restore point made on: 2013-06-14 21:36:30
Restore point made on: 2013-06-15 21:53:31
Restore point made on: 2013-06-16 19:44:37
Restore point made on: 2013-06-18 10:42:14
Restore point made on: 2013-06-19 10:40:37
Restore point made on: 2013-06-20 10:16:45
Restore point made on: 2013-06-21 09:53:10
Restore point made on: 2013-06-21 16:07:27
Restore point made on: 2013-06-22 09:46:14
Restore point made on: 2013-06-23 12:10:51
Restore point made on: 2013-06-24 09:49:53
Restore point made on: 2013-06-25 11:30:44
Restore point made on: 2013-06-26 08:56:48
Restore point made on: 2013-06-27 10:06:25

==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 2045.81 MB
Available physical RAM: 1657.76 MB
Total Pagefile: 1872.59 MB
Available Pagefile: 1729.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177.4 GB) (Free:90.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:8.91 GB) (Free:0.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (INTENSO) (Removable) (Total:7.37 GB) (Free:7.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 976E47FC)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=177 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-06-27 13:49

==================== End Of Log ============================

M-K-D-B · 27.06.2013, 17:57

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B · 27.06.2013, 18:12

Servus,

Schritt 1 sollte deinen Rechner entsperren.
Schritt 2 + 3 bitte im normalen Modus vom Desktop starten.

Schritt 1
Drücke auf dem sauberen Rechner bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster und drücke Enter.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKU\Mcx1\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Mcx1\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\Osteria\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Osteria\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Osteria\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Osteria\tnmg2pkn9k9a1.exe [ 2013-06-27] (NVIDIA Corporation)
HKU\Osteria\...\Command Processor: "C:\Users\Osteria\tnmg2pkn9k9a1.exe" <===== ATTENTION!
2013-06-27 09:19 - 2013-06-27 09:19 - 01084715 ____A C:\Users\Osteria\AppData\Roaming\2433f433
2013-06-27 09:19 - 2013-06-27 09:19 - 01084673 ____A C:\Users\Osteria\AppData\Local\2433f433
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.exe
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.dll
2013-06-05 09:01 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Soyhal
2013-06-04 21:21 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Cyru
C:\$Recycle.Bin\S-1-5-21-723902195-3043266244-887298501-1000\$d95d36d54d0baff114e4fbf8656ae7d0
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen infizierten Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
msconfig
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ComboFix,
die beiden Logdateien von OTL.

ponglenis · 27.06.2013, 18:56

Hier schon mal die Fixlog-Datei vom Farbar-Programm:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02
Ran by SYSTEM at 2013-06-27 19:37:33 Run:2
Running from F:\
Boot Mode: Recovery

==============================================

HKU\Mcx1\Software\Microsoft\Windows\CurrentVersion\Run\\Grey pop cake audio => Value deleted successfully.
HKU\Mcx1\Software\Microsoft\Windows\CurrentVersion\Run\\admin knob => Value deleted successfully.
HKU\Mcx1\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Osteria\Software\Microsoft\Windows\CurrentVersion\Run\\Grey pop cake audio => Value deleted successfully.
HKU\Osteria\Software\Microsoft\Windows\CurrentVersion\Run\\admin knob => Value deleted successfully.
HKU\Osteria\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.
HKU\Osteria\Software\Microsoft\Command Processor\\AutoRun => Value not found.
C:\Users\Osteria\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Osteria\AppData\Local\2433f433 => Moved successfully.
C:\Users\Osteria\tnmg2pkn9k9a1.exe => File/Directory not found.
C:\Users\Osteria\tnmg2pkn9k9a1.dll => File/Directory not found.
C:\Users\Osteria\AppData\Roaming\Soyhal => Moved successfully.
C:\Users\Osteria\AppData\Roaming\Cyru => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-723902195-3043266244-887298501-1000\$d95d36d54d0baff114e4fbf8656ae7d0 => Directory moved successfully.

==== End of Fixlog ====

Vielen Dank, das Notebook ist entsperrt, weitere Log-Dateien folgen von den weiteren Schritten in kürze...

M-K-D-B · 27.06.2013, 19:05

Servus,

das hört sich doch schon mal gut an.

ponglenis · 27.06.2013, 19:53

Tut mir Leid, ich habe ein Problem, nachdem Combofix meinen Computer neugestartet hat, will er nicht Hochfahren, oben links blinkt nur ein Strich vom BIOS...

Was nun?

M-K-D-B · 27.06.2013, 19:54

Servus,

Rechner komplett ausschalten und neu starten.

Ggf. im abgesicherten Modus starten, wenn der normale Modus nicht funktioniert.

Berichte mir, ob sich eine Besserung ergeben hat.

ponglenis · 27.06.2013, 20:02

Okay, Gott sei Dank ist er wieder angesprungen, Combofix-Fenster ist offen und bittet mich um Gelduld, glaub ist bald fertig also, Fixlogs folgen...

M-K-D-B · 27.06.2013, 20:03

Hehe...

Ich hatte schon gedacht, ComboFix hat deinen Rechner ausgeknippst...

Freut mich, dass es läuft.

ponglenis · 27.06.2013, 20:35

Hatte gerade nachdem Combofix fertig war, und der eine Fehler den du schon beschrieben hast (in der Anleitung) kam, beim Neustart wieder den BIOS-Strich... sprang aber bei neuem Hard-Reset wieder an...

jedenfalls der Combofix-Fixlog:

Code:

ATTFilter

ComboFix 13-06-27.01 - Osteria 27.06.2013  20:23:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.709 [GMT 2:00]
ausgeführt von:: c:\users\Osteria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\wmp_translation_file.xml
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\programdata\SPL65E9.tmp
c:\programdata\SPL71E5.tmp
c:\programdata\SPL8547.tmp
c:\programdata\SPL90DB.tmp
c:\programdata\SPLB7FA.tmp
c:\programdata\SPLD00C.tmp
c:\programdata\SPLD329.tmp
c:\programdata\SPLDC.tmp
c:\programdata\SPLF97C.tmp
c:\users\Osteria\AppData\Local\bqftbxm.dat
c:\users\Osteria\AppData\Local\bqftbxm_nav.dat
c:\users\Osteria\AppData\Local\bqftbxm_navps.dat
c:\users\Osteria\AppData\Local\Temp\~WS1219.tmp
c:\users\Osteria\AppData\Local\Temp\~WS13AF.tmp
c:\users\Osteria\AppData\Local\Temp\~WS16BC.tmp
c:\windows\system32\paypal.url
c:\windows\system32\winx.url
c:\windows\wininit.ini
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Recent\????? 1 ??????? ??????.url . . . . Nicht in der Lage zu löschen
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Recent\Fishki.Net - ??????? ? ??? ??? ??????? (?????)  ??????? ?????.url . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-27 bis 2013-06-27  ))))))))))))))))))))))))))))))
.
.
2013-06-27 18:39 . 2013-06-27 18:39	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2013-06-27 18:39 . 2013-06-27 18:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-27 18:05 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E30EFE53-D75B-47DB-BC27-027CBD75F2CA}\mpengine.dll
2013-06-27 14:44 . 2013-06-27 18:37	--------	d-----w-	C:\FRST
2013-06-25 10:31 . 2013-06-27 15:14	--------	d-----w-	C:\e4c96dea219e64f8c868cace7c
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 13:24 . 2012-07-30 09:24	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 13:24 . 2011-07-16 22:50	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-05 19:12 . 2013-05-16 08:34	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-02 00:06 . 2009-10-02 23:24	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 08:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 08:20	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 08:20	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 22:11 . 2013-05-16 08:10	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-04-04 22:02 . 2013-05-16 08:10	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-04 22:02 . 2013-05-16 08:10	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-04-04 21:58 . 2013-05-16 08:10	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-04 21:57 . 2013-05-16 08:10	420864	----a-w-	c:\windows\system32\vbscript.dll
2009-02-24 19:34 . 2013-05-24 13:35	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2013-05-24 13:35	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SealOne"="c:\users\Osteria\AppData\Roaming\Seal One\SealOne.exe" [2012-12-27 280600]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-07-25 671796]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Skytel"="Skytel.exe" [2007-06-26 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-01 8429568]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-9-5 5742136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-6 110592]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-3 739880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-22 19:34	4608	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-07-12 13:39	534392	----a-w-	c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 10:41	138096	----atw-	c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-08-01 00:17	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-08 23:42	29984	----a-w-	c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-15 12:08	1597864	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-06-07 14:32	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online_Software_6\WLAN-Access Finder]
2007-07-25 16:50	671796	----a-w-	c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LosAlamos"=rundll32.exe c:\users\Osteria\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\ISUSPM.exe -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 13:24]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
- c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 10:41]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
- c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 10:41]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:56]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://homepage.am/?q=
FF - prefs.js: browser.search.selectedEngine - mail.ru: ÐŸÐ¾Ð¸ÑÐº Ð² Ð˜Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ
FF - prefs.js: browser.startup.homepage - hxxp://google.ru/
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - ExtSQL: !HIDDEN! 2009-06-25 23:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Lexmark Pro200-S500 Series Fax Server - c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
MSConfigStartUp-Lexmark Pro700 Series Fax Server - c:\program files\Lexmark Pro700 Series\fm3032.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5008)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\windows\system32\stacsv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update\VAIOUpdt.exe
c:\program files\Sony\VAIO Update\VUAgent.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\windows\ehome\ehmsas.exe
c:\users\Osteria\AppData\Local\Temp\Seal One\SealOne.exe
c:\program files\Common Files\Marmiko Shared\MWLaMaS.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-27  21:09:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-27 19:09
.
Vor Suchlauf: 17 Verzeichnis(se), 95.568.633.856 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 95.466.504.192 Bytes frei
.
- - End Of File - - D1715562EAE09228652BFDA11CA5ED2B
5C616939100B85E558DA92B899A0FC36

letzter Fixlog von Punkt 3 folgt...

EDIT:

OTL Fixlogs (2):

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 27.06.2013 21:40:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Osteria\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,68% Memory free
4,23 Gb Paging File | 3,24 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177,40 Gb Total Space | 88,76 Gb Free Space | 50,03% Space Free | Partition Type: NTFS
Drive H: | 7,37 Gb Total Space | 7,36 Gb Free Space | 99,91% Space Free | Partition Type: FAT32
Drive I: | 1,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: OSTERIA-PC | User Name: Osteria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.27 20:14:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
PRC - [2013.05.02 10:44:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.27 16:26:34 | 000,280,600 | ---- | M] (Seal One AG) -- C:\Users\Osteria\AppData\Local\Temp\Seal One\SealOne.exe
PRC - [2012.10.26 11:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012.10.26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012.09.06 22:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012.09.06 22:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
PRC - [2012.06.06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010.03.05 21:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009.10.30 15:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 15:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2008.07.20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007.07.26 17:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
PRC - [2007.07.25 18:50:32 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.07.24 19:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.07.03 10:31:46 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007.06.26 02:39:42 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.06.14 08:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.06.07 14:30:30 | 005,742,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007.07.03 10:24:04 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2007.07.03 10:07:34 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.05.24 15:35:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 15:24:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.12.07 23:42:36 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.30 15:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 15:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.07.05 19:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tsmpkt.sys -- (TSMPacket)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Osteria\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aoz3k1lz)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.08 21:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.10.12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008.11.22 21:26:06 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.06.04 08:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.06.04 08:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.06.04 08:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.06.04 08:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.06.04 08:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.06.04 08:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.08.01 02:18:30 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.13 08:14:36 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.30 13:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.27 19:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.04.20 02:00:55 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.04.20 02:00:55 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.02.13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.06 10:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{14676E70-1FBF-474F-9D1D-F9C033049E91}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKLM\..\SearchScopes\{229098C5-56E2-4EED-914C-85018578CD62}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q={searchTerms}&crm=1
IE - HKLM\..\SearchScopes\{D89F17A0-B037-4C66-B786-88AB6E65935E}: "URL" = hxxp://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\SearchScopes\{FC89D558-A166-406E-82DA-ADF0DC064F0E}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes\{3E9F47F1-B56F-463C-A805-B77F1129C950}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes\{3EB9D85D-B2CB-4D57-B5E4-2555FB1CCE91}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_de
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes\{7FEF4122-3BEE-4E15-9A80-49B32AC89399}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\SearchScopes\{8B9A1316-BC57-4547-BFFE-C9B988A95EB8}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "homepage.am"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://homepage.am/?q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "mail.ru: ÐŸÐ¾Ð¸ÑÐº Ð² Ð˜Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.ru/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.2.0.34
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.11
FF - prefs.js..extensions.enabledItems: {79AB5E93-0AE2-4759-891A-3F1B322F9F9A}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ru/webhp?sourceid=navclient-ff"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5.0: C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Osteria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}: C:\Program Files\Kartina.TV\VLC\npvlc.dll [2010.02.17 17:00:04 | 000,235,184 | ---- | M] (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.06.27 20:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:35:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 15:35:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.24 15:35:11 | 000,000,000 | ---D | M]
 
[2008.08.29 10:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Osteria\AppData\Roaming\mozilla\Extensions
[2013.04.04 22:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions
[2010.05.25 15:44:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.02 16:30:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.04.04 22:20:11 | 000,000,000 | ---D | M] (Ð¡Ð¿ÑƒÑ‚Ð½Ð¸Ðº @Mail.Ru) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2013.02.11 21:13:56 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Community Toolbar) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.05.25 15:40:31 | 000,000,000 | ---D | M] (VLC Mozilla plugin) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}
[2013.02.11 21:14:00 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.07 17:28:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\engine@conduit.com
[2010.03.19 18:55:01 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\maps@ovi.com
[2012.03.01 21:11:49 | 000,000,000 | ---D | M] ("Ð‘Ð°Ñ€ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑ‚Ð²") -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\toolbar@mamba.ru
[2013.01.07 10:58:21 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2008.11.17 19:54:05 | 000,000,681 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\ask.xml
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\conduit.xml
[2009.03.21 00:38:26 | 000,001,632 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\live-search.xml
[2011.11.09 10:54:58 | 000,001,533 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\mailru---.xml
[2010.04.17 00:15:28 | 000,001,455 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\mailru.xml
[2010.10.13 09:39:41 | 000,003,915 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\sweetim.xml
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.24 15:35:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.03.15 23:53:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:05:02 | 000,001,945 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\torgmailru.xml
 
O1 HOSTS File: ([2013.06.27 20:39:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-723902195-3043266244-887298501-1000..\Run: [SealOne] C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe (Seal One AG)
O4 - HKU\S-1-5-21-723902195-3043266244-887298501-1000..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211222955877 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6205A2CE-2A8E-4058-9D82-E4B274EB6CAB}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A75E139-7BFF-4853-963B-48705599B5AF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O32 - AutoRun File - [2011.05.16 11:14:31 | 000,000,139 | RH-- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4A567E9E-64B9-4BD8-9001-7D82B9160734} - Bing Bar
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CACE1E62-59B0-4F7F-87D4-DD335EBBC8F5} - T-Online Toolbar 2.0
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{D7CC206D-8C02-4EEA-853B-67B261C977D2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~1\MCAFEE~1\309042~1.318\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
MsConfig - StartUpReg: AppMon Utility - hkey= - key= - C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.27 21:09:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.27 21:01:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.27 20:19:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.27 20:19:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.27 20:19:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.27 20:18:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.27 20:17:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.27 20:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
[2013.06.27 16:44:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.25 12:31:02 | 000,000,000 | ---D | C] -- C:\e4c96dea219e64f8c868cace7c
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.27 21:46:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
[2013.06.27 21:33:19 | 000,100,595 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\nvModes.001
[2013.06.27 21:31:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.27 21:31:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 21:31:26 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 21:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 21:31:09 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.27 21:14:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.27 21:13:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.27 20:39:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.27 20:24:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 20:16:14 | 005,460,966 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.27 20:16:14 | 002,092,238 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.27 20:16:14 | 001,716,076 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.27 20:16:14 | 001,540,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.27 20:14:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
[2013.06.21 21:39:29 | 000,057,109 | ---- | M] () -- C:\Users\Osteria\bolshe-0038.jpg
[2013.06.21 21:16:58 | 000,051,645 | ---- | M] () -- C:\Users\Osteria\awesome_photo_31.jpg
[2013.06.11 12:46:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.27 20:19:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.27 20:19:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.27 20:19:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.27 20:19:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.27 20:19:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.27 15:20:03 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.21 21:39:28 | 000,057,109 | ---- | C] () -- C:\Users\Osteria\bolshe-0038.jpg
[2013.06.21 21:16:55 | 000,051,645 | ---- | C] () -- C:\Users\Osteria\awesome_photo_31.jpg
[2013.04.05 22:35:49 | 000,031,387 | ---- | C] () -- C:\Users\Osteria\smeshnie_kartinki_1359098085250120131911.jpg
[2013.04.05 22:28:27 | 000,022,389 | ---- | C] () -- C:\Users\Osteria\getImage_photoId_485251026329_photoType_0.jpg
[2013.03.01 23:24:44 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013.03.01 21:04:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013.03.01 21:04:43 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013.03.01 19:44:33 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.03.01 19:44:32 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.03.01 19:41:54 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013.03.01 19:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.06 17:40:09 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.08.04 19:10:34 | 000,000,752 | ---- | C] () -- C:\Users\Osteria\AppData\Local\recently-used.xbel
[2012.02.05 22:26:50 | 000,059,710 | ---- | C] () -- C:\Users\Osteria\22092010126.jpg
[2011.10.13 10:30:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.07.23 14:06:57 | 000,000,000 | ---- | C] () -- C:\Users\Osteria\AppData\Local\{F801315B-3A8A-4B33-9579-619C263FBCAC}
[2010.01.09 19:15:26 | 000,028,688 | ---- | C] () -- C:\ProgramData\sixth wma defy.xep15
[2010.01.09 19:15:21 | 000,344,080 | ---- | C] () -- C:\ProgramData\Data Date Date.2gtdk4
[2010.01.09 19:15:21 | 000,028,688 | ---- | C] () -- C:\ProgramData\Data Date Date.bt9qlaw
[2009.11.17 01:23:08 | 000,188,432 | ---- | C] () -- C:\ProgramData\Web Fork Okay.bdr6v
[2009.11.17 01:22:52 | 000,024,592 | ---- | C] () -- C:\ProgramData\Data Date Date.h9m6k
[2009.10.15 22:36:51 | 000,000,092 | ---- | C] () -- C:\Users\Osteria\AppData\Local\xiscnxar.bat
[2009.09.09 18:56:44 | 000,000,093 | ---- | C] () -- C:\Users\Osteria\AppData\Local\jmxddilo.bat
[2009.01.22 17:03:33 | 000,003,435 | ---- | C] () -- C:\Users\Osteria\AppData\Local\eigouse.dat
[2009.01.04 23:24:17 | 000,000,000 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\wklnhst.dat
[2008.11.18 14:47:31 | 000,000,092 | ---- | C] () -- C:\Users\Osteria\AppData\Local\msafciou.bat
[2008.09.27 17:34:02 | 000,000,898 | ---- | C] () -- C:\Users\Osteria\Gran Canarien2008.lnk
[2008.01.05 03:46:53 | 000,025,773 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\UserTile.png
[2008.01.03 19:06:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.12.21 07:33:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.18 23:00:44 | 000,065,024 | ---- | C] () -- C:\Users\Osteria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.18 23:00:44 | 000,007,592 | ---- | C] () -- C:\Users\Osteria\AppData\Local\d3d9caps.dat
[2007.12.18 23:00:31 | 000,100,595 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\nvModes.dat
[2007.12.18 23:00:31 | 000,100,595 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.01.15 22:37:45 | 000,068,185 | ---- | M] ()(C:\Users\Osteria\????0022.jpg) -- C:\Users\Osteria\Фото0022.jpg
[2012.01.15 22:37:44 | 000,068,185 | ---- | C] ()(C:\Users\Osteria\????0022.jpg) -- C:\Users\Osteria\Фото0022.jpg
[2009.06.16 00:32:31 | 000,000,000 | ---D | M](C:\Users\Osteria\Documents\?????????? ?????) -- C:\Users\Osteria\Documents\Полученные файлы
[2009.06.16 00:32:31 | 000,000,000 | ---D | C](C:\Users\Osteria\Documents\?????????? ?????) -- C:\Users\Osteria\Documents\Полученные файлы

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 27.06.2013 21:40:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Osteria\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,68% Memory free
4,23 Gb Paging File | 3,24 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177,40 Gb Total Space | 88,76 Gb Free Space | 50,03% Space Free | Partition Type: NTFS
Drive H: | 7,37 Gb Total Space | 7,36 Gb Free Space | 99,91% Space Free | Partition Type: FAT32
Drive I: | 1,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: OSTERIA-PC | User Name: Osteria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE273E9-B2CB-412D-82E7-F83AEC641AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283C8ACB-7D52-4F39-B593-913CB60DEC0B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A0AB20F-276C-4F33-BDB7-1EACE36FFB8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2EA58A98-3175-4529-AB51-5E1D86B3FF76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FF7ADCB-7D08-4876-8AD9-945C8501F5F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4AE4733B-978E-4EE2-BABC-C7A2F36BA2F7}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{4BFFDFEF-E057-41BC-981B-AA5CAFB85FA7}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{5A6F1207-CDCC-48A1-8DF3-B420C934FB2B}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{63E8812A-FC7C-460B-B122-A099E5340C4F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{65339D8C-4711-4DF3-83D2-F9BBC3FCE5C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66A606AC-8DF7-4383-B1B3-9F76EFCC91FA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{68BC54E4-16FD-4350-A7A1-5BB39B81F65D}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{6B220E00-1588-4A50-9032-3966B83936E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70D0FCB6-D165-460D-970B-4C431683AE5C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78245475-C3B8-4A2A-ADBE-1C870DA9E647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EEEB8F8-E41E-4837-B4AA-0B249E978492}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F5DA208-C864-4267-BCD5-BDBE51D7F17F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{91EBC06B-8895-44CF-ABB3-634CEEB70313}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{9DFD11FD-488E-4E9F-9516-5B972E49C398}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{A399F4F0-763F-4916-834C-F516F0C2C53B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A72AFEF6-332F-494A-9453-68EBB228053A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA07C166-CC1B-45FF-835A-222D791C2DA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE22CD2F-4694-47E5-BE56-D081E5B14D90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B417C030-5167-4FB3-B1C2-D9FDFF61C001}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C820E783-BB5E-475A-9857-D1E123205BED}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{CA9E86B8-D59B-4391-8414-C0DDB2B75FC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CDA6E1E4-39FD-445B-B0B4-2366BD903356}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D61C991D-0543-4E80-82B3-6F10FB04A04A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6421730-4020-464B-BBB7-B2A0B095D423}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0FFC809-8B1D-4D81-AE12-92E3D389A788}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2938912-777D-463A-9A2C-36CE2DD0C476}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED615D6B-4914-431C-A3B8-596533AEB3F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7174C0B-AD35-4C01-AD86-995C819ECE92}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{FF9156A6-C13B-43CB-8B58-6BAA3DDD7CF1}" = lport=10244 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D458A0-C290-4BED-9611-3396E7A3887C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D6D65CC-5774-4B54-821A-28FDFA7352D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DC4DC6A-BD18-4CBC-B9BA-B0CEB8FB077A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1012F961-AB27-4C5C-8EC0-7B591C2F0666}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{1086C55F-05DB-46DB-90B3-3C5B2BA86B0F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{112158AF-9DBD-46E0-AC16-ACB7F1680744}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{19255894-DD5F-4878-8A9B-DFB222C87EF9}" = protocol=17 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe | 
"{1ED8FB30-A5D7-43DF-8C16-D049ED805353}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10g\faxrx.exe | 
"{22B1A053-F00B-4555-BEAE-6726F74BDC56}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2986EAE6-C53E-423E-90D2-766BFBAE7046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{299D2D9A-215E-4ED9-9A71-69CC6786220F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A5C397B-72BD-4209-9236-88BAEDAB5478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3460BF26-9CDC-4EDD-8700-FF95554F2A5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A348111-AC40-43E6-87CE-6462951BEB62}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3D65F362-1A3C-4F6D-B3CB-E88A507AAAF2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{4D7CAB54-8F63-4C7F-9990-41A5C5DD54E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DAFF504-641C-4975-871A-772E8D3DE6E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DEF3CCE-A098-4E5F-BCA6-EA4F0506C99D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5363D3B1-544D-4478-A93E-79C6FB483C01}" = dir=in | app=c:\windows\system32\lxebcoms.exe | 
"{53666F33-28E0-4099-AED5-DE283281BBAD}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{60760AAB-BBB9-4C2E-87CA-D70431FDC127}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{62FCB93B-5E60-43C9-BF6C-6C123EEB7BEF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{6500980D-3216-4178-873C-ECCC712E89D8}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{66B41546-01EF-48A7-B7BC-3A07C4243A3D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{67FB968C-A14A-4854-8D85-2451AD48D43B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{6D10B504-B956-427C-8BA3-6A4F23F6074D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7307B54A-963C-4F88-A7E2-7E37C3FA5464}" = protocol=17 | dir=in | app=c:\program files\lexmark pro700 series\lxeefax.exe | 
"{74CD7487-D843-4D91-895F-D2026EEBAE3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7958A1AB-2E4F-4C94-8BBF-38D35EBB1147}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{7AA4841A-66AE-4383-8ABF-97712899FC2D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{7D408FEA-5322-44F6-820C-7DABAC3CF43E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{877723F4-CEF1-4865-9CA2-127D7958DA3F}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10g\faxrx.exe | 
"{9154AEFB-479D-447B-9331-EAE48FB50A57}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{93AD5143-0A54-45DB-9092-D1057A3865B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{9D24778F-3CEC-4ED5-B160-067773E1C04E}" = dir=in | app=c:\users\osteria\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{9E83A95B-5122-439E-BEBF-F608A54C43B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{A2D549EC-5BC3-49F2-B484-FD9FE45B5EA3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{AC8392B5-8C7C-4F8B-B159-BD4B86F5C9E1}" = protocol=6 | dir=in | app=c:\program files\lexmark pro700 series\lxeefax.exe | 
"{C06DAF55-BB16-4174-B514-5817F5927AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE35A1C5-172E-4728-A174-1F099A6C40DC}" = dir=in | app=c:\windows\system32\lxebcoms.exe | 
"{D2238ED8-5C86-4525-A9DC-2A00A44211D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{D556AF65-177F-43DF-BCA5-63AACB7B195D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{DEA45F1B-B053-44B8-8248-440A330E5BA1}" = protocol=6 | dir=in | app=c:\program files\lexmark pro200-s500 series\lxebfax.exe | 
"{E2337BA7-581C-44AD-8BB7-770A0B42DB3B}" = protocol=6 | dir=out | app=system | 
"{E264E545-0CB4-489F-A261-ECC04FD18E85}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED98360D-822A-46F1-B855-11C1F462AFF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8F7B21A-3EDE-4673-B466-9883DD11DA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE2A1740-C805-4910-BC8F-171D86121327}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"TCP Query User{0A35A0F2-55E8-4527-9638-085B80411FBA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{273A99C8-3B9C-4B4E-94CA-AFACB0E8CCB6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{2F584AE3-28A4-4592-ACC7-5A2D8F5CD3FD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3EA356BF-A9D1-4AA5-9233-255C078E4B53}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{CF0BC741-6973-45E0-8BF5-040790FF4B57}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{EB165B71-4653-4612-89B1-3E1EE00464B2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{F3E33FF7-2217-4E38-9DDE-962E28010D03}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F6530E7F-6BD9-4F1F-B3F3-755B03C94E17}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{087DE222-B484-4AA4-A613-8623D3820A09}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{1BA1DE04-24A7-42C9-8EB8-6A4869CD421F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{2DBB666F-8FC0-4633-9AF5-4D91D0041BCA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{875F791A-4B87-4BDD-B922-FE2476C53BE0}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{9392FEA1-2730-414C-BC89-020F823ED9FB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{D65E8D0F-33D8-4F2D-9442-7D6A3CB50D0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E35E5AC7-0B8F-4F3E-B698-7758323A85F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E47E50F8-AE2C-4B9F-AF72-EC1AB03205B9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1205
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4937160D-9A3B-429C-A82E-645116A4EB17}" = VLC TV Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alice Software" = Alice Software 4.9.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6  printer_is1" = doPDF 6.2  printer
"dt icon module" = 
"eBay HTML" = 
"Free FLV Converter_is1" = Free FLV Converter V 4.9
"gtfirstboot Setting Request" = 
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 ru)" = Mozilla Firefox 21.0 (x86 ru)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Opera 12.15.1748" = Opera 12.15
"Premiere Internet TV_is1" = Premiere Internet TV Version 1.3.0
"RealPlayer 12.0" = RealPlayer
"Steam App 10620" = Empire: Total War Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"VAIO Help and Support" = 
"VAIO MFU Module" = 
"VAIO Xblack Contents" = VAIO Xblack Contents
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"JNLP" = JNLP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2013 13:49:30 | Computer Name = Osteria-PC | Source = ESENT | ID = 455
Description = Catalog Database (1604) Catalog Database: Fehler -1811 beim Öffnen
 von Protokolldatei C:\Windows\system32\CatRoot2\edb002A4.log.
 
Error - 27.06.2013 13:49:30 | Computer Name = Osteria-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description = 
 
Error - 27.06.2013 14:05:14 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.06.2013 14:05:14 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.06.2013 14:05:14 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.06.2013 14:16:10 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.06.2013 14:16:10 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.06.2013 14:16:10 | Computer Name = Osteria-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.06.2013 14:58:58 | Computer Name = Osteria-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 27.06.2013 15:31:52 | Computer Name = Osteria-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ Media Center Events ]
Error - 23.03.2009 16:05:00 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 23.03.2009 16:07:23 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 23.03.2009 16:09:49 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 21.08.2009 17:30:48 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 22.08.2009 10:46:37 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 22.08.2009 10:49:16 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 24.08.2009 12:59:28 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 19.09.2009 10:03:59 | Computer Name = Osteria-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 29.11.2009 13:28:19 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 19.08.2010 10:12:17 | Computer Name = Osteria-PC | Source = McrMgr | ID = 109
Description = 
 
[ OSession Events ]
Error - 29.08.2011 12:42:52 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.08.2011 12:47:34 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 13:26:51 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2011 13:19:03 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2012 12:39:49 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.06.2013 14:20:41 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 27.06.2013 14:21:57 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2013 14:31:19 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2013 14:40:02 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2013 14:58:51 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2013 15:02:51 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.06.2013 15:02:51 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2013 15:05:09 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 27.06.2013 15:06:14 | Computer Name = Osteria-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.06.2013 15:31:51 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

hoffentlich wars das jetzt...
ich sage jetzt schon vielen herzlichen dank, top forum, top hilfe!

M-K-D-B · 28.06.2013, 19:21

Servus,

Nein, das wars noch nicht.

So geht es weiter:

Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LosAlamos"=-
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Logdatei von AdwCleaner,
die Logdatei von JRT.

ponglenis · 29.06.2013, 16:37

Combofix:

Code:

ATTFilter

ComboFix 13-06-28.02 - Osteria 29.06.2013  16:28:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.990 [GMT 2:00]
ausgeführt von:: c:\users\Osteria\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Osteria\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Recent\????? 1 ??????? ??????.url . . . . Nicht in der Lage zu löschen
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Recent\Fishki.Net - ??????? ? ??? ??? ??????? (?????)  ??????? ?????.url . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-28 bis 2013-06-29  ))))))))))))))))))))))))))))))
.
.
2013-06-29 14:39 . 2013-06-29 14:43	--------	d-----w-	c:\users\Osteria\AppData\Local\temp
2013-06-29 14:39 . 2013-06-29 14:39	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2013-06-29 14:39 . 2013-06-29 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-27 18:14 . 2013-05-08 04:37	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-27 18:13 . 2013-04-24 01:46	812544	----a-w-	c:\windows\system32\certutil.exe
2013-06-27 18:13 . 2013-04-24 04:00	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-06-27 18:13 . 2013-04-24 04:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-27 18:13 . 2013-04-24 04:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-27 18:13 . 2013-04-24 04:00	41984	----a-w-	c:\windows\system32\certenc.dll
2013-06-27 18:13 . 2013-05-02 22:03	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-27 18:13 . 2013-05-02 22:03	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-27 18:13 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-27 14:44 . 2013-06-27 18:37	--------	d-----w-	C:\FRST
2013-06-25 10:31 . 2013-06-27 15:14	--------	d-----w-	C:\e4c96dea219e64f8c868cace7c
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 21:24 . 2012-07-30 09:24	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-27 21:24 . 2011-07-16 22:50	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-17 00:10 . 2013-06-28 13:15	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{841EE5A3-CB0D-41D5-83DA-625402489374}\mpengine.dll
2013-05-16 22:28 . 2013-06-28 01:06	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-05-16 22:20 . 2013-06-28 01:06	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-05-02 04:04 . 2013-06-27 18:13	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-27 18:13	37376	----a-w-	c:\windows\system32\printcom.dll
2013-05-02 00:06 . 2009-10-02 23:24	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 08:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 08:20	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 08:20	2049024	----a-w-	c:\windows\system32\win32k.sys
2009-02-24 19:34 . 2013-05-24 13:35	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2013-05-24 13:35	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SealOne"="c:\users\Osteria\AppData\Roaming\Seal One\SealOne.exe" [2012-12-27 280600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Skytel"="Skytel.exe" [2007-06-26 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-01 8429568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
c:\users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-9-5 5742136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-8-6 110592]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-3 739880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-22 19:34	4608	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-07-12 13:39	534392	----a-w-	c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 10:41	138096	----atw-	c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-08-01 00:17	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-08 23:42	29984	----a-w-	c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-15 12:08	1597864	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\ISUSPM.exe -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 21:24]
.
2013-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
- c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 10:41]
.
2013-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
- c:\users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-20 10:41]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:56]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://homepage.am/?q=
FF - prefs.js: browser.search.selectedEngine - mail.ru: ÐŸÐ¾Ð¸ÑÐº Ð² Ð˜Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ðµ
FF - prefs.js: browser.startup.homepage - hxxp://google.ru/
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - ExtSQL: !HIDDEN! 2009-06-25 23:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-29 16:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4436)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\windows\system32\stacsv.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Sony\VAIO Update\VAIOUpdt.exe
c:\users\Osteria\AppData\Local\Temp\Seal One\SealOne.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Sony\VAIO Update\VUAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-29  16:51:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-29 14:51
ComboFix2.txt  2013-06-27 19:09
.
Vor Suchlauf: 21 Verzeichnis(se), 99.513.413.632 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 99.522.179.072 Bytes frei
.
- - End Of File - - 66BD5FECAFA73F2BF3ADB5C517D5D54E
5C616939100B85E558DA92B899A0FC36

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.303 - Datei am 29/06/2013 um 17:12:05 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Osteria - OSTERIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Osteria\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Datei Gelöscht : C:\Users\Mcx1\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Osteria\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Osteria\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Osteria\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\Osteria\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\Osteria\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Osteria\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\Conduit
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\ConduitEngine
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\CT2431245
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\CT2719325
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\SweetIMToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FocusInteractive
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Fun Web Products
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FunWebProducts
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AskSearchAsst
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{08ED8855-4C2E-429B-A878-F129E1F624FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2719325
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08ED8855-4C2E-429B-A878-F129E1F624FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (ru)

Datei : C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\prefs.js

C:\Users\Osteria\AppData\Roaming\Mozilla\Firefox\Profiles\b9sabiz4.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2431245.CTID", "CT2431245");
Gelöscht : user_pref("CT2431245.CurrentServerDate", "21-10-2010");
Gelöscht : user_pref("CT2431245.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2431245.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2431245.EMailNotifierPollDate", "Thu Oct 21 2010 22:11:02 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedLastCount129009402595187825", 1107);
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014180506963", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014269327586", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014329599698", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014537505092", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634014970726540", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015410831318", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015483395460", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015636754705", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015768347545", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634015855543602", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016030710453", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016114705611", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016129205152", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016143724791", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016271239162", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016568520719", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634016726993788", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017109031809", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017132743740", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017299547668", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017302327846", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017344111490", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017478360748", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017732797593", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634017821686064", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedPollDate7470634018090228721", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Gelöscht : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Gelöscht : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Gelöscht : user_pref("CT2431245.FirstServerDate", "13-9-2010");
Gelöscht : user_pref("CT2431245.FirstTime", true);
Gelöscht : user_pref("CT2431245.FirstTimeFF3", true);
Gelöscht : user_pref("CT2431245.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2431245.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2431245.Initialize", true);
Gelöscht : user_pref("CT2431245.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2431245.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2431245.InstalledDate", "Mon Sep 13 2010 16:25:52 GMT+0200");
Gelöscht : user_pref("CT2431245.InvalidateCache", false);
Gelöscht : user_pref("CT2431245.IsGrouping", false);
Gelöscht : user_pref("CT2431245.IsMulticommunity", false);
Gelöscht : user_pref("CT2431245.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2431245.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2431245.LanguagePackLastCheckTime", "Thu Oct 21 2010 15:59:28 GMT+0200");
Gelöscht : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2431245.LastLogin_2.7.1.3", "Thu Oct 21 2010 19:26:24 GMT+0200");
Gelöscht : user_pref("CT2431245.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2431245.Locale", "de-de");
Gelöscht : user_pref("CT2431245.LoginCache", 4);
Gelöscht : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2431245.RadioIsPodcast", false);
Gelöscht : user_pref("CT2431245.RadioLastCheckTime", "Thu Oct 21 2010 11:11:21 GMT+0200");
Gelöscht : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Gelöscht : user_pref("CT2431245.RadioMediaID", "20503682");
Gelöscht : user_pref("CT2431245.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT2431245_RECENT20503682");
Gelöscht : user_pref("CT2431245.RadioShrinked", "expanded");
Gelöscht : user_pref("CT2431245.RadioStationName", "FM%2080s%20%26%2090s%20(EURO)");
Gelöscht : user_pref("CT2431245.RadioStationURL", "hxxp://www.1.fm/TuneIn/WM/energy80s32k/Listen.aspx");
Gelöscht : user_pref("CT2431245.RadioVolume", "90");
Gelöscht : user_pref("CT2431245.SavedHomepage", "google.ru");
Gelöscht : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Thu Oct 21 2010 11:10:36 GMT+0200");
Gelöscht : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2431245.SettingsLastCheckTime", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2431245.SettingsLastUpdate", "1286818167");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Mon Oct 04 2010 16:51:31 GMT+0200");
Gelöscht : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2431245.UserID", "UN03928684062756771");
Gelöscht : user_pref("CT2431245.ValidationData_Search", 0);
Gelöscht : user_pref("CT2431245.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2431245.WeatherNetwork", "");
Gelöscht : user_pref("CT2431245.WeatherPollDate", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2431245.WeatherUnit", "C");
Gelöscht : user_pref("CT2431245.alertChannelId", "825452");
Gelöscht : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2431245.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2431245.myStuffEnabled", true);
Gelöscht : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2719325.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2719325.CTID", "CT2719325");
Gelöscht : user_pref("CT2719325.CurrentServerDate", "21-10-2010");
Gelöscht : user_pref("CT2719325.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2719325.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2719325.EMailNotifierPollDate", "Thu Oct 21 2010 22:11:01 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedLastCount7577869347469948784", 1120);
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663813", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663819", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663825", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663831", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923663837", "Thu Oct 21 2010 21:50:26 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820093", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820099", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820105", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820111", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820117", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820123", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820129", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820135", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820141", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820147", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820153", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820159", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820165", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820171", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820177", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820183", "Thu Oct 21 2010 21:50:28 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820189", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820195", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820201", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820207", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedPollDate129255010923820213", "Thu Oct 21 2010 19:54:31 GMT+0200");
Gelöscht : user_pref("CT2719325.FeedTTL129255010923663825", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923663831", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820111", 2);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820141", 5);
Gelöscht : user_pref("CT2719325.FeedTTL129255010923820153", 30);
Gelöscht : user_pref("CT2719325.FirstServerDate", "30-8-2010");
Gelöscht : user_pref("CT2719325.FirstTime", true);
Gelöscht : user_pref("CT2719325.FirstTimeFF3", true);
Gelöscht : user_pref("CT2719325.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2719325.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2719325.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2719325.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2719325.Initialize", true);
Gelöscht : user_pref("CT2719325.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2719325.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2719325.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2719325.InstalledDate", "Mon Aug 30 2010 22:49:36 GMT+0200");
Gelöscht : user_pref("CT2719325.InvalidateCache", false);
Gelöscht : user_pref("CT2719325.IsGrouping", false);
Gelöscht : user_pref("CT2719325.IsMulticommunity", false);
Gelöscht : user_pref("CT2719325.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2719325.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2719325.LanguagePackLastCheckTime", "Thu Oct 21 2010 15:59:27 GMT+0200");
Gelöscht : user_pref("CT2719325.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2719325.LastLogin_2.7.1.3", "Thu Oct 21 2010 19:26:23 GMT+0200");
Gelöscht : user_pref("CT2719325.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2719325.Locale", "de");
Gelöscht : user_pref("CT2719325.LoginCache", 4);
Gelöscht : user_pref("CT2719325.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2719325.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2719325.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2719325.RadioIsPodcast", false);
Gelöscht : user_pref("CT2719325.RadioLastCheckTime", "Thu Oct 21 2010 11:11:21 GMT+0200");
Gelöscht : user_pref("CT2719325.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2719325.RadioLastUpdateServer", "129246150971600000");
Gelöscht : user_pref("CT2719325.RadioMediaID", "21056683");
Gelöscht : user_pref("CT2719325.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2719325.RadioMenuSelectedID", "EBRadioMenu_CT271932521056683");
Gelöscht : user_pref("CT2719325.RadioShrinked", "shrinked");
Gelöscht : user_pref("CT2719325.RadioStationName", "MDR%20Info");
Gelöscht : user_pref("CT2719325.RadioStationURL", "hxxp://mdr.streamfarm.net/cms/_vm100/radios/mdr/live/info_cm[...]
Gelöscht : user_pref("CT2719325.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2719325.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2719325.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2719325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT271[...]
Gelöscht : user_pref("CT2719325.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2719325.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.SearchInNewTabLastCheckTime", "Thu Oct 21 2010 11:10:35 GMT+0200");
Gelöscht : user_pref("CT2719325.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2719325.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2719325.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2719325.SettingsLastCheckTime", "Thu Oct 21 2010 21:50:25 GMT+0200");
Gelöscht : user_pref("CT2719325.SettingsLastUpdate", "1287572559");
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsLastCheck", "Tue Oct 12 2010 09:51:01 GMT+0200");
Gelöscht : user_pref("CT2719325.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2719325.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2719325.UserID", "UN32582554992682722");
Gelöscht : user_pref("CT2719325.ValidationData_Search", 2);
Gelöscht : user_pref("CT2719325.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2719325.WeatherNetwork", "");
Gelöscht : user_pref("CT2719325.WeatherPollDate", "Thu Oct 21 2010 21:50:27 GMT+0200");
Gelöscht : user_pref("CT2719325.WeatherUnit", "C");
Gelöscht : user_pref("CT2719325.alertChannelId", "1111610");
Gelöscht : user_pref("CT2719325.backendstorage.ct2719325ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2719325.backendstorage.ct2719325current_term", "");
Gelöscht : user_pref("CT2719325.backendstorage.ct2719325sdate", "3231");
Gelöscht : user_pref("CT2719325.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2719325.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2719325.myStuffEnabled", true);
Gelöscht : user_pref("CT2719325.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2719325.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2719325.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2719325.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2719325.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://go.mail.ru/search?utf8in=1&fr=fft[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2719325,CT2431245,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2719325,CT2431245");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 17:28:35 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jul 02 2011 18:35:04 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 03 2011 16:30:58 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "59196e17-edb3-4a7a-9258-f318b5b5c791");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Oct 21 2010 11:10:35 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2431245");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 16 2011 08:05:53 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jul 01 2011 15:53:02 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/07/2011 18");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat May 07 2011 17:28:49 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jul 03 2011 16:31:00 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Jul 03 2011 18:45:53 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Jul 03 2011 18:45:52 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN73273620323853002");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "ru");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jul 03 2011 16:31:00 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jul 03 2011 18:20:02 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Gelöscht : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Gelöscht : user_pref("extensions.snipit.askTbInstalled", true);
Gelöscht : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&g[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.sweetim.com/search.as[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SweetIM Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.ru/webhp?sourceid=[...]
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{FBA090A7-D69C-11DF-91BD-001A801BB28A}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2");

-\\ Opera v12.15.1748.0

Datei : C:\Users\Osteria\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [39270 octets] - [29/06/2013 17:12:05]

########## EOF - C:\AdwCleaner[S1].txt - [39331 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Osteria on 29.06.2013 at 17:32:02,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D89F17A0-B037-4C66-B786-88AB6E65935E}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Program Files\oovootoolbar"



~~~ FireFox

Successfully deleted the following from C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\minidumps [244 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2013 at 17:34:18,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B · 29.06.2013, 18:16

Servus,

sieht gut aus.

Wir spüren die letzten Reste auf, damit wie sie später entfernen können:

Schritt 1

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List
Klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt 2
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*oovootoolbar*
*AskSearch*
*Conduit*
*SweetIM*
*FunWebProducts*
*MyWebSearch*
*PriceGong*
*Softonic*

:folderfind
*oovootoolbar*
*AskSearch*
*Conduit*
*SweetIM*
*FunWebProducts*
*MyWebSearch*
*PriceGong*
*Softonic*

:regfind
oovootoolbar
AskSearch
Conduit
SweetIM
FunWebProducts
MyWebSearch
PriceGong
Softonic

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von SystemLook,
die Beantwortung der gestellten Fragen.

ponglenis · 29.06.2013, 19:09

OTL:

Code:

ATTFilter

OTL logfile created on: 29.06.2013 19:42:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Osteria\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,93% Memory free
4,23 Gb Paging File | 3,12 Gb Available in Paging File | 73,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177,40 Gb Total Space | 92,62 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive I: | 1,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: OSTERIA-PC | User Name: Osteria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.29 19:41:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
PRC - [2013.05.02 10:44:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.11 20:35:54 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.27 16:26:34 | 000,280,600 | ---- | M] (Seal One AG) -- C:\Users\Osteria\AppData\Local\Temp\Seal One\SealOne.exe
PRC - [2012.10.26 11:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012.10.26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012.09.06 22:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012.09.06 22:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.06.06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009.10.30 15:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 15:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2008.07.20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.07.24 19:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.07.03 10:31:46 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007.06.26 02:39:42 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.06.14 08:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.06.07 14:30:30 | 005,742,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007.07.03 10:24:04 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2007.07.03 10:07:34 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.06.27 23:24:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 15:35:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.26 10:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.03.09 01:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009.12.07 23:42:36 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.30 15:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 15:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.08 19:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.07.24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.07.05 19:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tsmpkt.sys -- (TSMPacket)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Osteria\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ai8vd0xc)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.08 21:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.10.12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008.11.22 21:26:06 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.06.04 08:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008.06.04 08:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2008.06.04 08:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2008.06.04 08:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2008.06.04 08:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2008.06.04 08:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.08.01 02:18:30 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.13 08:14:36 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.30 13:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.27 19:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.04.20 02:00:55 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.04.20 02:00:55 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.02.13 19:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.06 10:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{14676E70-1FBF-474F-9D1D-F9C033049E91}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKLM\..\SearchScopes\{229098C5-56E2-4EED-914C-85018578CD62}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKLM\..\SearchScopes\{FC89D558-A166-406E-82DA-ADF0DC064F0E}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3E9F47F1-B56F-463C-A805-B77F1129C950}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{3EB9D85D-B2CB-4D57-B5E4-2555FB1CCE91}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGIE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7FEF4122-3BEE-4E15-9A80-49B32AC89399}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8B9A1316-BC57-4547-BFFE-C9B988A95EB8}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "homepage.am"
FF - prefs.js..browser.search.defaulturl: "hxxp://homepage.am/?q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "mail.ru: ????? ? ?????????"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.ru/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}:2.2.0.34
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.11
FF - prefs.js..extensions.enabledItems: {79AB5E93-0AE2-4759-891A-3F1B322F9F9A}:1.0.0.0
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5.0: C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Osteria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}: C:\Program Files\Kartina.TV\VLC\npvlc.dll [2010.02.17 17:00:04 | 000,235,184 | ---- | M] (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.06.27 20:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.29 19:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.29 18:55:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.29 19:20:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.29 18:55:22 | 000,000,000 | ---D | M]
 
[2008.08.29 10:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Osteria\AppData\Roaming\mozilla\Extensions
[2013.06.29 17:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions
[2010.05.25 15:44:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.02 16:30:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.04.04 22:20:11 | 000,000,000 | ---D | M] (Ð¡Ð¿ÑƒÑ‚Ð½Ð¸Ðº @Mail.Ru) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2010.05.25 15:40:31 | 000,000,000 | ---D | M] (VLC Mozilla plugin) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}
[2010.03.19 18:55:01 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\maps@ovi.com
[2012.03.01 21:11:49 | 000,000,000 | ---D | M] ("Ð‘Ð°Ñ€ Ð·Ð½Ð°ÐºÐ¾Ð¼ÑÑ‚Ð²") -- C:\Users\Osteria\AppData\Roaming\mozilla\Firefox\Profiles\b9sabiz4.default\extensions\toolbar@mamba.ru
[2009.03.21 00:38:26 | 000,001,632 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\live-search.xml
[2011.11.09 10:54:58 | 000,001,533 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\mailru---.xml
[2010.04.17 00:15:28 | 000,001,455 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\mozilla\firefox\profiles\b9sabiz4.default\searchplugins\mailru.xml
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.05.24 15:35:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013.05.24 15:35:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.03.15 23:53:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:05:02 | 000,001,945 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\torgmailru.xml
 
O1 HOSTS File: ([2013.06.27 20:39:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SealOne] C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe (Seal One AG)
O4 - Startup: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211222955877 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6205A2CE-2A8E-4058-9D82-E4B274EB6CAB}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A75E139-7BFF-4853-963B-48705599B5AF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.05.16 11:14:31 | 000,000,139 | RH-- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.29 19:41:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
[2013.06.29 18:55:21 | 000,000,000 | ---D | C] -- C:\Users\Osteria\Documents\Eigene Google Gadgets
[2013.06.29 17:31:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.29 17:31:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.29 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.29 16:42:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.29 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\Osteria\AppData\Local\temp
[2013.06.29 16:24:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.28 03:06:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.28 03:06:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.28 03:06:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.28 03:06:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.06.28 03:06:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.28 03:06:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.28 03:06:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.06.28 03:06:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.06.27 20:19:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.27 20:19:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.27 20:19:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.27 20:18:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.27 20:17:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.27 20:13:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013.06.27 20:13:52 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.27 20:13:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.27 20:13:43 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.27 20:13:42 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.27 20:13:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.27 16:44:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.25 12:31:02 | 000,000,000 | ---D | C] -- C:\e4c96dea219e64f8c868cace7c
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.29 19:44:19 | 000,165,376 | ---- | M] () -- C:\Users\Osteria\Desktop\SystemLook_x64.exe
[2013.06.29 19:41:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Osteria\Desktop\OTL.exe
[2013.06.29 19:24:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.29 19:13:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.29 19:11:32 | 000,100,595 | ---- | M] () -- C:\Users\Osteria\AppData\Roaming\nvModes.001
[2013.06.29 19:10:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.29 19:09:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 19:09:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 19:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.29 19:09:18 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.29 19:04:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.29 18:46:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
[2013.06.29 12:46:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
[2013.06.28 22:08:40 | 005,507,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.28 22:08:40 | 002,106,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.28 22:08:40 | 001,731,466 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.28 22:08:40 | 001,554,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.27 23:24:51 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.27 23:24:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.27 20:39:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.21 21:39:29 | 000,057,109 | ---- | M] () -- C:\Users\Osteria\bolshe-0038.jpg
[2013.06.21 21:16:58 | 000,051,645 | ---- | M] () -- C:\Users\Osteria\awesome_photo_31.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.29 19:44:19 | 000,165,376 | ---- | C] () -- C:\Users\Osteria\Desktop\SystemLook_x64.exe
[2013.06.27 20:19:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.27 20:19:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.27 20:19:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.27 20:19:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.27 20:19:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.27 15:20:03 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.21 21:39:28 | 000,057,109 | ---- | C] () -- C:\Users\Osteria\bolshe-0038.jpg
[2013.06.21 21:16:55 | 000,051,645 | ---- | C] () -- C:\Users\Osteria\awesome_photo_31.jpg
[2013.04.05 22:35:49 | 000,031,387 | ---- | C] () -- C:\Users\Osteria\smeshnie_kartinki_1359098085250120131911.jpg
[2013.04.05 22:28:27 | 000,022,389 | ---- | C] () -- C:\Users\Osteria\getImage_photoId_485251026329_photoType_0.jpg
[2013.03.01 23:24:44 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013.03.01 21:04:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013.03.01 21:04:43 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013.03.01 19:44:33 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.03.01 19:44:32 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.03.01 19:41:54 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013.03.01 19:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.06 17:40:09 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.08.04 19:10:34 | 000,000,752 | ---- | C] () -- C:\Users\Osteria\AppData\Local\recently-used.xbel
[2012.02.05 22:26:50 | 000,059,710 | ---- | C] () -- C:\Users\Osteria\22092010126.jpg
[2011.10.13 10:30:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.07.23 14:06:57 | 000,000,000 | ---- | C] () -- C:\Users\Osteria\AppData\Local\{F801315B-3A8A-4B33-9579-619C263FBCAC}
[2010.01.09 19:15:26 | 000,028,688 | ---- | C] () -- C:\ProgramData\sixth wma defy.xep15
[2010.01.09 19:15:21 | 000,344,080 | ---- | C] () -- C:\ProgramData\Data Date Date.2gtdk4
[2010.01.09 19:15:21 | 000,028,688 | ---- | C] () -- C:\ProgramData\Data Date Date.bt9qlaw
[2009.11.17 01:23:08 | 000,188,432 | ---- | C] () -- C:\ProgramData\Web Fork Okay.bdr6v
[2009.11.17 01:22:52 | 000,024,592 | ---- | C] () -- C:\ProgramData\Data Date Date.h9m6k
[2009.10.15 22:36:51 | 000,000,092 | ---- | C] () -- C:\Users\Osteria\AppData\Local\xiscnxar.bat
[2009.09.09 18:56:44 | 000,000,093 | ---- | C] () -- C:\Users\Osteria\AppData\Local\jmxddilo.bat
[2009.01.22 17:03:33 | 000,003,435 | ---- | C] () -- C:\Users\Osteria\AppData\Local\eigouse.dat
[2009.01.04 23:24:17 | 000,000,000 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\wklnhst.dat
[2008.11.18 14:47:31 | 000,000,092 | ---- | C] () -- C:\Users\Osteria\AppData\Local\msafciou.bat
[2008.09.27 17:34:02 | 000,000,898 | ---- | C] () -- C:\Users\Osteria\Gran Canarien2008.lnk
[2008.01.05 03:46:53 | 000,025,773 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\UserTile.png
[2008.01.03 19:06:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.12.21 07:33:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.18 23:00:44 | 000,065,024 | ---- | C] () -- C:\Users\Osteria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.18 23:00:44 | 000,007,592 | ---- | C] () -- C:\Users\Osteria\AppData\Local\d3d9caps.dat
[2007.12.18 23:00:31 | 000,100,595 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\nvModes.dat
[2007.12.18 23:00:31 | 000,100,595 | ---- | C] () -- C:\Users\Osteria\AppData\Roaming\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.01.15 22:37:45 | 000,068,185 | ---- | M] ()(C:\Users\Osteria\????0022.jpg) -- C:\Users\Osteria\Фото0022.jpg
[2012.01.15 22:37:44 | 000,068,185 | ---- | C] ()(C:\Users\Osteria\????0022.jpg) -- C:\Users\Osteria\Фото0022.jpg
[2009.06.16 00:32:31 | 000,000,000 | ---D | M](C:\Users\Osteria\Documents\?????????? ?????) -- C:\Users\Osteria\Documents\Полученные файлы
[2009.06.16 00:32:31 | 000,000,000 | ---D | C](C:\Users\Osteria\Documents\?????????? ?????) -- C:\Users\Osteria\Documents\Полученные файлы

< End of report >

OTL Extras

Code:

ATTFilter

OTL Extras logfile created on: 29.06.2013 19:42:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Osteria\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,93% Memory free
4,23 Gb Paging File | 3,12 Gb Available in Paging File | 73,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177,40 Gb Total Space | 92,62 Gb Free Space | 52,21% Space Free | Partition Type: NTFS
Drive I: | 1,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: OSTERIA-PC | User Name: Osteria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE273E9-B2CB-412D-82E7-F83AEC641AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283C8ACB-7D52-4F39-B593-913CB60DEC0B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A0AB20F-276C-4F33-BDB7-1EACE36FFB8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2EA58A98-3175-4529-AB51-5E1D86B3FF76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FF7ADCB-7D08-4876-8AD9-945C8501F5F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4AE4733B-978E-4EE2-BABC-C7A2F36BA2F7}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{4BFFDFEF-E057-41BC-981B-AA5CAFB85FA7}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{5A6F1207-CDCC-48A1-8DF3-B420C934FB2B}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{63E8812A-FC7C-460B-B122-A099E5340C4F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{65339D8C-4711-4DF3-83D2-F9BBC3FCE5C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66A606AC-8DF7-4383-B1B3-9F76EFCC91FA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{68BC54E4-16FD-4350-A7A1-5BB39B81F65D}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{6B220E00-1588-4A50-9032-3966B83936E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70D0FCB6-D165-460D-970B-4C431683AE5C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78245475-C3B8-4A2A-ADBE-1C870DA9E647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EEEB8F8-E41E-4837-B4AA-0B249E978492}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F5DA208-C864-4267-BCD5-BDBE51D7F17F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{91EBC06B-8895-44CF-ABB3-634CEEB70313}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{9DFD11FD-488E-4E9F-9516-5B972E49C398}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{A399F4F0-763F-4916-834C-F516F0C2C53B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A72AFEF6-332F-494A-9453-68EBB228053A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA07C166-CC1B-45FF-835A-222D791C2DA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE22CD2F-4694-47E5-BE56-D081E5B14D90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B417C030-5167-4FB3-B1C2-D9FDFF61C001}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C820E783-BB5E-475A-9857-D1E123205BED}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{CA9E86B8-D59B-4391-8414-C0DDB2B75FC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CDA6E1E4-39FD-445B-B0B4-2366BD903356}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D61C991D-0543-4E80-82B3-6F10FB04A04A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6421730-4020-464B-BBB7-B2A0B095D423}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0FFC809-8B1D-4D81-AE12-92E3D389A788}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E2938912-777D-463A-9A2C-36CE2DD0C476}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED615D6B-4914-431C-A3B8-596533AEB3F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7174C0B-AD35-4C01-AD86-995C819ECE92}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{FF9156A6-C13B-43CB-8B58-6BAA3DDD7CF1}" = lport=10244 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D458A0-C290-4BED-9611-3396E7A3887C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D6D65CC-5774-4B54-821A-28FDFA7352D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DC4DC6A-BD18-4CBC-B9BA-B0CEB8FB077A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1012F961-AB27-4C5C-8EC0-7B591C2F0666}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{1086C55F-05DB-46DB-90B3-3C5B2BA86B0F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{112158AF-9DBD-46E0-AC16-ACB7F1680744}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1ED8FB30-A5D7-43DF-8C16-D049ED805353}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10g\faxrx.exe | 
"{22B1A053-F00B-4555-BEAE-6726F74BDC56}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2986EAE6-C53E-423E-90D2-766BFBAE7046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{299D2D9A-215E-4ED9-9A71-69CC6786220F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A5C397B-72BD-4209-9236-88BAEDAB5478}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3460BF26-9CDC-4EDD-8700-FF95554F2A5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A348111-AC40-43E6-87CE-6462951BEB62}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3D65F362-1A3C-4F6D-B3CB-E88A507AAAF2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{4D7CAB54-8F63-4C7F-9990-41A5C5DD54E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DAFF504-641C-4975-871A-772E8D3DE6E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DEF3CCE-A098-4E5F-BCA6-EA4F0506C99D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{53666F33-28E0-4099-AED5-DE283281BBAD}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{60760AAB-BBB9-4C2E-87CA-D70431FDC127}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{62FCB93B-5E60-43C9-BF6C-6C123EEB7BEF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{6500980D-3216-4178-873C-ECCC712E89D8}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{66B41546-01EF-48A7-B7BC-3A07C4243A3D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{67FB968C-A14A-4854-8D85-2451AD48D43B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{6D10B504-B956-427C-8BA3-6A4F23F6074D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74CD7487-D843-4D91-895F-D2026EEBAE3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7958A1AB-2E4F-4C94-8BBF-38D35EBB1147}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{7AA4841A-66AE-4383-8ABF-97712899FC2D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{7D408FEA-5322-44F6-820C-7DABAC3CF43E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{877723F4-CEF1-4865-9CA2-127D7958DA3F}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10g\faxrx.exe | 
"{9154AEFB-479D-447B-9331-EAE48FB50A57}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{93AD5143-0A54-45DB-9092-D1057A3865B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{9D24778F-3CEC-4ED5-B160-067773E1C04E}" = dir=in | app=c:\users\osteria\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{9E83A95B-5122-439E-BEBF-F608A54C43B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{A2D549EC-5BC3-49F2-B484-FD9FE45B5EA3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{C06DAF55-BB16-4174-B514-5817F5927AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2238ED8-5C86-4525-A9DC-2A00A44211D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{D556AF65-177F-43DF-BCA5-63AACB7B195D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{E2337BA7-581C-44AD-8BB7-770A0B42DB3B}" = protocol=6 | dir=out | app=system | 
"{E264E545-0CB4-489F-A261-ECC04FD18E85}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED98360D-822A-46F1-B855-11C1F462AFF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8F7B21A-3EDE-4673-B466-9883DD11DA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE2A1740-C805-4910-BC8F-171D86121327}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"TCP Query User{0A35A0F2-55E8-4527-9638-085B80411FBA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{273A99C8-3B9C-4B4E-94CA-AFACB0E8CCB6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{2F584AE3-28A4-4592-ACC7-5A2D8F5CD3FD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3EA356BF-A9D1-4AA5-9233-255C078E4B53}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{CF0BC741-6973-45E0-8BF5-040790FF4B57}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{EB165B71-4653-4612-89B1-3E1EE00464B2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{F3E33FF7-2217-4E38-9DDE-962E28010D03}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F6530E7F-6BD9-4F1F-B3F3-755B03C94E17}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{087DE222-B484-4AA4-A613-8623D3820A09}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{1BA1DE04-24A7-42C9-8EB8-6A4869CD421F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{2DBB666F-8FC0-4633-9AF5-4D91D0041BCA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{875F791A-4B87-4BDD-B922-FE2476C53BE0}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{9392FEA1-2730-414C-BC89-020F823ED9FB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{D65E8D0F-33D8-4F2D-9442-7D6A3CB50D0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E35E5AC7-0B8F-4F3E-B698-7758323A85F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E47E50F8-AE2C-4B9F-AF72-EC1AB03205B9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1205
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4937160D-9A3B-429C-A82E-645116A4EB17}" = VLC TV Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alice Software" = Alice Software 4.9.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doPDF 6  printer_is1" = doPDF 6.2  printer
"dt icon module" = 
"eBay HTML" = 
"Free FLV Converter_is1" = Free FLV Converter V 4.9
"gtfirstboot Setting Request" = 
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 ru)" = Mozilla Firefox 21.0 (x86 ru)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Opera 12.15.1748" = Opera 12.15
"Premiere Internet TV_is1" = Premiere Internet TV Version 1.3.0
"RealPlayer 12.0" = RealPlayer
"Steam App 10620" = Empire: Total War Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"VAIO Help and Support" = 
"VAIO MFU Module" = 
"VAIO Xblack Contents" = VAIO Xblack Contents
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"JNLP" = JNLP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2013 11:40:48 | Computer Name = Osteria-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 29.06.2013 13:09:53 | Computer Name = Osteria-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ OSession Events ]
Error - 29.08.2011 12:42:52 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.08.2011 12:47:34 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 13:26:51 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2011 13:19:03 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2012 12:39:49 | Computer Name = Osteria-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2013 11:40:46 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.06.2013 13:09:52 | Computer Name = Osteria-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

ponglenis · 29.06.2013, 19:10

SystemLook:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 19:55 on 29/06/2013 by Osteria
Administrator - Elevation successful

========== filefind ==========

Searching for "*oovootoolbar*"
No files found.

Searching for "*AskSearch*"
No files found.

Searching for "*Conduit*"
No files found.

Searching for "*SweetIM*"
No files found.

Searching for "*FunWebProducts*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip	--a---- 185644 bytes	[17:15 17/03/2008]	[17:16 17/03/2008] 42CF0B58998ED8BECB61ECB7F0D7EECB
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip	--a---- 701 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 305DB99AFD64C9E73C83EE7796930D48
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip	--a---- 701 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] 58CD9894BC57C4AE2DDBB132483D97CF
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip	--a---- 321 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] E32956789157D6EAA873E61A266F1715
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip	--a---- 325 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] D8D0533B53FA8A68B2EF44D235A10492
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip	--a---- 700 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 60DC7C154B9BFA6007EAD4D5CCF4DDAD
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip	--a---- 321 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 38462116915DE5481A4C6D3B35B72690
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip	--a---- 325 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 8D9F9537CDA79311090F1484BF855C56
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip	--a---- 701 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] A184EB4680AFD22900382E580159E451
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip	--a---- 322 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 843A89A5BED81A02E1FF8A6F6B484399
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip	--a---- 326 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] CD54455C7D29BF8CCA255097FE9FD2DC
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip	--a---- 702 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 09F8033E7270C1E06F9D7E909C3FC776
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip	--a---- 320 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 01B4D5247DE592F69816AD94FA5BE17B
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip	--a---- 321 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 6F47F37A1CE5CB93BE76A3A604228B34
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip	--a---- 326 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 1D3979CEB85BC16A9CD99D4CBA789407
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip	--a---- 701 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] 92485DECC6765447ACAA8C4746725E71
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip	--a---- 320 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] 6B0F08316995F798E769C06C94D17594
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip	--a---- 325 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] 44EBBBB7428101F51ADD69D7A883761F
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip	--a---- 701 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 2733C8AD7D7F3180D12F801E8A312A61
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip	--a---- 321 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] F155E89AD3B97DB4A179223AF7DEFF69
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip	--a---- 325 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 8828805B7353AF60754A00BCEDEDD0E2
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip	--a---- 703 bytes	[14:21 30/10/2009]	[14:21 30/10/2009] EC471B102C17130D123F4B09F0C3DB3C
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip	--a---- 325 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] AD70CC4491C8FA7AE0A4F9B491DCFFCE
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip	--a---- 701 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] B9DF74EC1DA1F9FA420309BB8DCBA3BF
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip	--a---- 321 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 7549A46C7ADE5EEF22AA9A02F45E0D0C
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip	--a---- 325 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] E5FDE0C620079D42096D318DEE38EE8E
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip	--a---- 701 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 96DABB0AB72AF26EAC3A8897FB5396C1
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip	--a---- 320 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 66B6F1D830A2AFD5A8E838E668CA89AB
C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip	--a---- 324 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 627028A026E1EAB330213AE372A1C0D4

Searching for "*MyWebSearch*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip	--a---- 17723 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] 0ADAA9E941B24EE2B21C54C42FDFAFF5
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip	--a---- 783 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] A861913497719FD5B433FD7B3B04AA18
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip	--a---- 412 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] 26EBF5834A6F3DE40E76786D27AA5913
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch100.zip	--a---- 320 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] AACCECCB9D46572CF64AB799E967BCFC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch101.zip	--a---- 324 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] F792F134D03EFB1C6013D394917F8D5A
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch102.zip	--a---- 318 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] A1C036790CE15E4FDB2A59F71E9AB424
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch103.zip	--a---- 570 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 01CA4C666024A1AC086592EE0281CA51
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch104.zip	--a---- 551 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] B32C609B689B6CFB54F3DE8E6972D579
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch105.zip	--a---- 333 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 03DE28BCBC3826E361176202EE322F97
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch106.zip	--a---- 325 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 7BF8ECC6CDFA50AD844369B5E25439FF
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch107.zip	--a---- 334 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] BAE7B7DA504724A68B0438D68ED7EBD7
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch108.zip	--a---- 326 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 8D25007F92A51DA129C601DC969B3E0F
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch109.zip	--a---- 322 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 57C6AD413002C41471FAFBFEE14DC3A8
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip	--a---- 411 bytes	[19:31 21/03/2008]	[19:31 21/03/2008] ABF37DB52FB07E4616E71B97D9656E49
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch110.zip	--a---- 324 bytes	[21:21 12/10/2009]	[21:21 12/10/2009] 3966663F7979F6173E60B311D92D9697
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch111.zip	--a---- 320 bytes	[14:21 30/10/2009]	[14:21 30/10/2009] 48A2DE4D23E630035F7F5C9419703F5F
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch112.zip	--a---- 569 bytes	[14:21 30/10/2009]	[14:21 30/10/2009] BEF3FCBBABAE9CB040271AFB2630D6D5
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch113.zip	--a---- 550 bytes	[14:21 30/10/2009]	[14:21 30/10/2009] 14DD4EA801A17A45B6DD2E7739EF6025
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip	--a---- 412 bytes	[02:42 31/05/2008]	[02:42 31/05/2008] 81CC883CFFE68B86EDDA018825521CBF
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip	--a---- 413 bytes	[11:59 21/07/2008]	[11:59 21/07/2008] 38407F7D5CEC4A79D28CE9456BC416A7
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip	--a---- 413 bytes	[13:56 09/08/2008]	[13:56 09/08/2008] CDB02906FF719279EF164785AC3BC8F5
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip	--a---- 413 bytes	[11:08 24/08/2008]	[11:08 24/08/2008] 63F41163F0FE42B5C864F96C7AF086D4
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip	--a---- 412 bytes	[21:12 27/10/2008]	[21:12 27/10/2008] FAF89574320601C86D8978F8061EEFB4
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip	--a---- 411 bytes	[00:41 13/11/2008]	[00:41 13/11/2008] 5D3188E51EB1BDB7475E0663E15034C1
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip	--a---- 412 bytes	[16:56 23/11/2008]	[16:56 23/11/2008] 3E529659759C2B97A048EBE66F9A54C1
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip	--a---- 413 bytes	[16:56 23/11/2008]	[16:56 23/11/2008] B9B7C3B0A8B151958BA93684E5A6C591
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip	--a---- 948 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] 2EF15921CE270F5A7EC05123C28B9E40
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip	--a---- 412 bytes	[00:25 30/11/2008]	[00:25 30/11/2008] 79872D717EF1EC672A187E5A853EED0C
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip	--a---- 412 bytes	[00:25 30/11/2008]	[00:25 30/11/2008] 918F4A215CE0A321C8A0BC954FF0A4A0
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip	--a---- 412 bytes	[12:55 07/01/2009]	[12:55 07/01/2009] B51CF40FDCDD8B8235F48F9E82D116FC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip	--a---- 411 bytes	[12:55 07/01/2009]	[12:55 07/01/2009] EBDD0ADFBC8A0F78A3CF9FD9F1814622
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip	--a---- 412 bytes	[00:54 17/01/2009]	[00:54 17/01/2009] C1C9BAABED97E4AC8BEBEE2E60EABB69
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip	--a---- 412 bytes	[22:57 26/01/2009]	[22:57 26/01/2009] FAB64F31010F3694AB13DDCDE9F89B6B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip	--a---- 412 bytes	[13:12 14/03/2009]	[13:12 14/03/2009] 4328006800C180E97311D81C08755752
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip	--a---- 412 bytes	[20:59 30/03/2009]	[20:59 30/03/2009] 99704B64D943C8A9AF38255222738EEF
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip	--a---- 412 bytes	[08:03 26/05/2009]	[08:03 26/05/2009] 41082E40771F087D3C0DFC18EE8CE636
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip	--a---- 319 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] D68755E1C2B85D19C12449235C90A3FD
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip	--a---- 679 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] F70016536F11F10E38D8074022787228
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip	--a---- 571 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 24237D7EE39D08F90707E1EB4032C2BE
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip	--a---- 551 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 1AD1A483DDCA60B29CF21B7FE9BB6DCD
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip	--a---- 332 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 7A9475E2953DCC87A28C69AC0E875E5B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip	--a---- 324 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 87EBCBA313435CB19A05DEF204498106
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip	--a---- 332 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] E6C81AFF185444178EE944BF7E724AEF
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip	--a---- 325 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 4962F382B55358C034B1FD71A8072D87
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip	--a---- 571 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] A59C10D86F4001B1D4D11F2E98FC5787
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip	--a---- 321 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 5DE10ADDA9F2B0C9C8E9BB249DB51195
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip	--a---- 324 bytes	[22:34 19/08/2009]	[22:34 19/08/2009] 987CA26E801F76BB94584E2CFDFF3FC2
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip	--a---- 319 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 522E408702619EEE07B4A42DBA921301
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip	--a---- 631 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] A702DADC28E046F0DFD43E72A4B2108C
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip	--a---- 569 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 5DD1D26835C02F0F7C62BD9DBD794D1A
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip	--a---- 551 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 7B189CF4371312D491D3E004F21FF663
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip	--a---- 332 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] C99617FEEA337043E0375E053FFB34BC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip	--a---- 324 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 7DE9DBF94CFBB3741F954447B54EE7B0
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip	--a---- 332 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 0DAF27FA9A91E9DE6BA0E1918D7C7F40
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip	--a---- 325 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 74050C2BA04708304700B773EDDADA8B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip	--a---- 321 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 67B2D66244BD9393CB551BBBC35E8D0B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip	--a---- 324 bytes	[22:35 19/08/2009]	[22:35 19/08/2009] 49082A06D4DBA88FAFA4B3E199A93DB6
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip	--a---- 319 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 1BE39889D612E18862DB69DF3EC3ACEB
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip	--a---- 570 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] A63D1A1A614628F97D94E37E4D548AE9
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip	--a---- 786 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] AE3E0BDFBFB4168A5D75159725ACCA6D
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip	--a---- 551 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 0017833BF439AFD3D240E77CB94398EC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip	--a---- 331 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 68EF899FE22486A22DABFB0E766EBA21
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip	--a---- 327 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 78B4F3CA7AA75B03AD7607010D38B428
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip	--a---- 332 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 6D57BF13AEAF358B2AC747F0C7F10793
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip	--a---- 328 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 0ECA7BC1203D5B5BC1D40EA195C019D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip	--a---- 321 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] F69417029EA2A93738799A585089C477
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip	--a---- 324 bytes	[22:36 19/08/2009]	[22:36 19/08/2009] 815D457261400EE25ADC3CB735942411
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip	--a---- 319 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] F730C563205C3830326D8F24E522F610
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip	--a---- 570 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] 1618038427D8135A69E60ACFBED2819B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip	--a---- 551 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] FD1D98C021419EA163B0E730CE90D97E
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip	--a---- 610 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] 54EA061D4642E5A9276FDA9AE6625547
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip	--a---- 332 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] 44B3003D65BFAE029C9D12FA0952F8C2
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip	--a---- 326 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] D3461EA40A677FB526869D841252CF65
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip	--a---- 333 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] A0DE37C3FFE62B22ADDCFCDB42D95953
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip	--a---- 325 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] A924B552035ECA17E98225B88F789A05
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip	--a---- 321 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] F74355FC7768B686043582606CF27CF4
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip	--a---- 328 bytes	[22:37 19/08/2009]	[22:37 19/08/2009] 296B4AF6EB74B06B3C3841BA2463AD88
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip	--a---- 319 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 407615385F70B103AB4B8AFE58EACDDE
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip	--a---- 570 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 9CD540FB8DDB748E0381AADA1FD7ECB5
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip	--a---- 550 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 89E0BFC05D2431C96CA80CC124FF0D41
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip	--a---- 331 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 8C99103315D425A03F8D1B33B6E8C02D
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip	--a---- 412 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] 047153C8BF55B29750D995A26D2B7C86
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip	--a---- 324 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] DE8DDE8DDBCEDDE7BC66CA3D38F5293B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip	--a---- 331 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] EFC3F31818E5804ED40545B2257413B0
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch72.zip	--a---- 324 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 210B97AAB038A2B0A3A2F93DE14C3347
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch73.zip	--a---- 321 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] AAEBDAACBE45884EC2A2FE124DDFE466
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch74.zip	--a---- 324 bytes	[21:11 03/09/2009]	[21:11 03/09/2009] 1D41CA369EF22E60F7080E204ECF0920
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch75.zip	--a---- 319 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 9DF9B0BDACE31D73C45EC89894481332
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch76.zip	--a---- 570 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] E78D66A7293958F01FC1B4925964294D
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch77.zip	--a---- 550 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 5474727C0E7CFD25DF284A76D11216BC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch78.zip	--a---- 333 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 7B1015E9609A39FCB8FBCB61A060C98B
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch79.zip	--a---- 324 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] E66F1BA229358E05095B128BA6C51052
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip	--a---- 26508 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] E763EF79DC1FCF9FFD2BF820E1E7B0EA
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch80.zip	--a---- 332 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] C469F361021DB94B448E8040DBAF8601
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch81.zip	--a---- 325 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 2677CB69D94CBA100A69C77713319E7C
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch82.zip	--a---- 321 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] 85FA5F4AC38F6EE899668EF072979197
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch83.zip	--a---- 324 bytes	[21:12 03/09/2009]	[21:12 03/09/2009] AB40A4AD61B135D0B0D9B06FB130366D
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch84.zip	--a---- 319 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 6A795584C50CD9904BAF1C6488D20CCC
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch85.zip	--a---- 570 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] A640D4F2B73EDB481C5717A73AF10435
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch86.zip	--a---- 551 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] E4C1CAF25486BBC35382611A73474D4F
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch87.zip	--a---- 332 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] AE8116A6823D7C5D36EFDEA4FBA75835
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch88.zip	--a---- 327 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] E9F593ADAA794B889B90D3EA67A809C5
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch89.zip	--a---- 332 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 19FBCAA0A94E1DABC56FFC937E3F82A3
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip	--a---- 411 bytes	[02:41 31/05/2008]	[02:41 31/05/2008] 4CFA4DD028123B1D4A231528F78D6071
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch90.zip	--a---- 325 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 7CF40B58925148B0EFC4470A31FF63BE
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch91.zip	--a---- 321 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 306F14ACD15B22BDD5AC05A38E5AF25D
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch92.zip	--a---- 324 bytes	[21:18 12/10/2009]	[21:18 12/10/2009] 01AF01FE19F233C4987C6E604B513EEE
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch93.zip	--a---- 319 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] CA68D8FE12D9476FC087AD7782907705
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch94.zip	--a---- 570 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] D4B33AE5988F1853B33C2E678D47CF22
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch95.zip	--a---- 550 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] A70FBA196661463C8AF794749A7E8336
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch96.zip	--a---- 330 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] 68FEB8682E993AA5D3E627FB18CBA599
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch97.zip	--a---- 324 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] FF95639B7FEBD3BC102E825F25E98ACB
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch98.zip	--a---- 331 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] 8C17180AFFFD604AB544C6153DEA5A0F
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch99.zip	--a---- 323 bytes	[21:20 12/10/2009]	[21:20 12/10/2009] BD680EA69108E78E140B7CD706272C92
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch.zip	--a---- 647 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] 58792555741ADB51A1D840702580FD85
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip	--a---- 671 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] 08E05EBA0CF91BF8FFF5A318951C09F6
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip	--a---- 668 bytes	[17:16 17/03/2008]	[17:16 17/03/2008] B42DB734576DCFD16F68B4FB204B0CDF

Searching for "*PriceGong*"
No files found.

Searching for "*Softonic*"
C:\Users\Osteria\Downloads\SoftonicDownloader_fuer_internet-explorer-9.exe	--a---- 284928 bytes	[07:11 10/08/2011]	[07:11 10/08/2011] B889D9C1EF5220307B17F2D29F80748D

========== folderfind ==========

Searching for "*oovootoolbar*"
No folders found.

Searching for "*AskSearch*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*SweetIM*"
No folders found.

Searching for "*FunWebProducts*"
No folders found.

Searching for "*MyWebSearch*"
No folders found.

Searching for "*PriceGong*"
No folders found.

Searching for "*Softonic*"
No folders found.

========== regfind ==========

Searching for "oovootoolbar"
[HKEY_CURRENT_USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\oovooToolbar]
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\oovooToolbar]

Searching for "AskSearch"
No data found.

Searching for "Conduit"
No data found.

Searching for "SweetIM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"toolbar_version"="<TOOLBAR version="1.0" name="SweetIM For Internet Explorer"/>"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"AutoSearch"="hxxp://search.sweetim.com/search.asp?src=2&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"Toolbar Path"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"OldCachePath"="C:\Users\Osteria\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2AC2CC6A977201F488FB3A9CBE78C442]
"ProductName"="SweetIM Toolbar for Internet Explorer 3.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5588DE80E2C4B9248A871F921E6F42AF]
"ProductName"="SweetIM for Messenger 3.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5588DE80E2C4B9248A871F921E6F42AF\SourceList]
"PackageName"="SweetIMSetup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\data\contentdb\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\resources\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\logs\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\update\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\SweetIM\Messenger\conf\users\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Messenger\resources\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]
"5588DE80E2C4B9248A871F921E6F42AF"="C:\Program Files\SweetIM\Messenger\msvcr71.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8]
"5588DE80E2C4B9248A871F921E6F42AF"="C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]
"5588DE80E2C4B9248A871F921E6F42AF"="C:\Program Files\SweetIM\Messenger\msvcp71.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E]
"5588DE80E2C4B9248A871F921E6F42AF"="C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839]
"5588DE80E2C4B9248A871F921E6F42AF"="C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"InstallLocation"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AC2CC6A977201F488FB3A9CBE78C442\InstallProperties]
"DisplayName"="SweetIM Toolbar for Internet Explorer 3.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"Contact"="SweetIM Technical Support Department"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"HelpLink"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"InstallLocation"="C:\Program Files\SweetIM\Messenger\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"Publisher"="SweetIM Technologies Ltd."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"URLInfoAbout"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"URLUpdateInfo"="hxxp://www.sweetim.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5588DE80E2C4B9248A871F921E6F42AF\InstallProperties]
"DisplayName"="SweetIM for Messenger 3.2"
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM]
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"toolbar_version"="<TOOLBAR version="1.0" name="SweetIM For Internet Explorer"/>"
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"AutoSearch"="hxxp://search.sweetim.com/search.asp?src=2&q=%s"
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"Toolbar Path"="C:\Program Files\SweetIM\Toolbars\Internet Explorer\"
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-723902195-3043266244-887298501-1000\Software\SweetIM\Toolbars\Internet Explorer\Data]
"OldCachePath"="C:\Users\Osteria\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\"

Searching for "FunWebProducts"
No data found.

Searching for "MyWebSearch"
No data found.

Searching for "PriceGong"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1b3ad6a5_0]
@="{0.0.0.00000000}.{37e67724-851b-4f90-9635-ba10226219d8}|\Device\HarddiskVolume2\Users\Osteria\Downloads\SoftonicDownloader_fuer_internet-explorer-9.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\bff4d753-0877-4705-8ab9-c98883bdd3c2]
"AppPath"="C:\Program Files\softonic-de3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\bff4d753-0877-4705-8ab9-c98883bdd3c2]
"AppName"="softonic-de3ToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\df660428-c685-4caa-81e4-388b5c0a921f]
"AppPath"="C:\Program Files\softonic-de3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\df660428-c685-4caa-81e4-388b5c0a921f]
"AppName"="softonic-de3ToolbarHelper.exe"
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1b3ad6a5_0]
@="{0.0.0.00000000}.{37e67724-851b-4f90-9635-ba10226219d8}|\Device\HarddiskVolume2\Users\Osteria\Downloads\SoftonicDownloader_fuer_internet-explorer-9.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "         "
[HKEY_CURRENT_USER\Software\LexmarkInkjet\App List Manager v2]
"AppList"="     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>Fotogalerie</FRIENDLY_NAME>
               <PATH>C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.EXE</PATH>
               <DEFAULT_FILE_TYPE>JPG</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Paint</FRIENDLY_NAME>
               <PATH>C:\Windows\system32\mspaint.exe</PATH>
               <DEFAULT_FILE_TYPE>JPG</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Word</FRIENDLY_NAME>
               <PATH>C:\Program Files\Microsoft Office\Office12\WINWORD.EXE</PATH>
               <DEFAULT_FILE_TYPE>RTF</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Works</FRIENDLY_NAME>
               <PATH>C:\Program Files\Micros
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro200 Series (Netzwerk)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi:type="xs:string">Ein</psf:Value></psf:Property>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro700 Series (Netzwerk)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi:type="xs:string">Ein</psf:Value></psf:Property>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro700 Series (Netzwerk) (Kopie 1)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi:type="xs:string">Ein</psf:Value></psf
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\JNLP]
"Comments"="JNLP                                                        "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 4\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="IF2382U RVE620T         2.0B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{A3DD820C-F022-4A8C-ADC1-F8B1DF42D0B4}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{044D131F-D763-4975-9BB4-8C24CC331063}"/>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{79F6B936-0C8F-4d67-90A6-B7B2E0F37973}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{997B7D18-2AFA-49dc-847B-0E8A69723040}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#11101417000440&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_USB_2.0&REV_1.0#2008101616585415607&0#]
"DeviceDesc"="USB 2.0         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11081100018395&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012900007595&0#]
"DeviceDesc"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB&PROD_DISK&REV_PMAP#90BA1900E1C00458&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#11101417000440&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_USB_2.0&REV_1.0#2008101616585415607&0#]
"DeviceDesc"="USB 2.0         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11081100018395&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012900007595&0#]
"DeviceDesc"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB&PROD_DISK&REV_PMAP#90BA1900E1C00458&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0009]
"FriendlyName"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#11101417000440&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_USB_2.0&REV_1.0#2008101616585415607&0#]
"DeviceDesc"="USB 2.0         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_RAINBOW&REV_#11081100018395&0#]
"DeviceDesc"="Rainbow         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA04012900007595&0#]
"DeviceDesc"="USB             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356064038401036&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&2&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB&PROD_DISK&REV_PMAP#90BA1900E1C00458&0#]
"DeviceDesc"="DISK            "
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\LexmarkInkjet\App List Manager v2]
"AppList"="     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>Fotogalerie</FRIENDLY_NAME>
               <PATH>C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.EXE</PATH>
               <DEFAULT_FILE_TYPE>JPG</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Paint</FRIENDLY_NAME>
               <PATH>C:\Windows\system32\mspaint.exe</PATH>
               <DEFAULT_FILE_TYPE>JPG</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Word</FRIENDLY_NAME>
               <PATH>C:\Program Files\Microsoft Office\Office12\WINWORD.EXE</PATH>
               <DEFAULT_FILE_TYPE>RTF</DEFAULT_FILE_TYPE>
          </APP>
     </DESTINATION>
     <DESTINATION>
          <APP>
               <FRIENDLY_NAME>MS Works</FRIENDLY_NAME>
      
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro200 Series (Netzwerk)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi:type="xs:
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro700 Series (Netzwerk)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi:type="xs:
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Lexmark Pro700 Series (Netzwerk) (Kopie 1)]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities version="1" xmlns:xsl="hxxp://www.w3.org/1999/XSL/Transform" xmlns:xs="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:psk="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:psf="hxxp://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:cfg="hxxp://schemas.lexmark.com/2006/01/config" xmlns:lps="hxxp://schemas.lexmark.com/2006/01/lexmarkprintschema"><psf:Feature name="psk:JobCollateAllDocuments">
		<psf:Option name="psk:Collated">
			<psf:Property name="lps:Default"/>
			<psf:Property name="lps:DMValue">
				<psf:Value xsi:type="xs:integer">1</psf:Value>
			</psf:Property>
			<psf:Property name="psk:DisplayName"><psf:Value xsi
[HKEY_USERS\S-1-5-21-723902195-3043266244-887298501-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\JNLP]
"Comments"="JNLP                                                        "

-= EOF =-

Keine Probleme mit sonstiger Malware
Notebook läuft gefühlte 5x flüssiger, als wäre er neu

Aufjedenfall dickes

27.06.2013, 19:54	#7
M-K-D-B /// TB-Ausbilder	GVU Trojaner, entsperren/entfernen mit Farbar-Programm Servus, Rechner komplett ausschalten und neu starten. Ggf. im abgesicherten Modus starten, wenn der normale Modus nicht funktioniert. Berichte mir, ob sich eine Besserung ergeben hat.

GVU Trojaner, entsperren/entfernen mit Farbar-Programm

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner, entsperren/entfernen mit Farbar-Programm