Log analysis and evaluation: PC slow, Firefox does not open right away... Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.06.2013, 21:01 | #1 |
PC slow, Firefox does not open right away...

Hello, I hope I am doing everything right with my first post; if not, I apologize. For some time now my laptop has been very slow, Firefox sometimes barely starts at all, and recently unwanted, uncontrolled advertisements have been appearing on every website I visit. Today I discovered what I believe is a Yontoo toolbar and then downloaded SpyHunter 4, which, as I was able to read here, was I think not such a good idea. I fear that I have several viruses and malware on my laptop. I hope you can help me. Many thanks, regards, Tomi

Edit: I hope my log files are in order. I cannot post Gmer.txt because the first time I ran the application an error occurred and it was terminated, and the second time my laptop simply shut down unexpectedly.

OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.06.2013 21:19:00 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tomislav\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,65% Memory free 6,14 Gb Paging File | 4,91 Gb Available in Paging File | 80,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,07 Gb Total Space | 119,59 Gb Free Space | 53,61% Space Free | Partition Type: NTFS Computer Name: TOMISLAV-PC | User Name: tomislav | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.30 21:02:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tomislav\Desktop\OTL.exe PRC - [2013.05.13 05:10:41 | 000,216,968 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.17 03:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\tomislav\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013.04.17 03:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe PRC - [2013.03.11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe PRC - [2010.04.11 22:19:40 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.05 18:32:28 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe PRC - [2008.11.05 18:32:28 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe PRC - [2008.11.05 16:53:56 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\NSUService.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008.10.17 12:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) 
-- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2008.09.11 19:28:26 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.09.08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008.09.08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2008.09.05 11:56:58 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe PRC - [2008.09.05 11:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe PRC - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.06.30 20:55:02 | 000,013,600 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013.05.16 18:31:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 18:23:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.01.10 15:30:12 | 005,450,752 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 15:29:01 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 15:26:45 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 15:26:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.12.12 07:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.10.08 13:01:09 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll MOD - [2012.10.08 13:01:06 | 005,967,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll MOD - [2012.10.08 13:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2012.10.08 13:01:03 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll MOD - [2012.10.05 12:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.10.05 12:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.08.31 13:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2011.12.27 04:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2010.07.04 23:32:38 | 
000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2009.03.30 06:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2009.03.30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 06:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2009.02.18 20:38:39 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll MOD - [2008.10.23 14:39:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll MOD - [2008.10.23 14:39:51 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll MOD - [2008.10.07 03:47:25 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services 
(SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\tomislav\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater) SRV - [2013.06.12 01:06:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012.10.29 13:04:42 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2012.09.05 17:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.04.11 22:19:40 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.04.11 22:19:40 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.11.05 18:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.11.05 16:53:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.10.21 10:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008.10.21 10:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008.10.21 10:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.10.17 12:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) 
[Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2008.09.11 19:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.09.08 09:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.09.08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.09.08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.09.05 11:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe 
-- (SPTISRV) SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2013.02.06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.04.20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.03.10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011.03.04 14:23:20 | 000,011,352 | ---- | M] 
(Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.11.02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.05.04 07:00:01 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS) DRV - [2009.04.19 03:19:36 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.10.07 03:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.10.03 02:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.08.28 23:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.22 16:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.08.22 02:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.06.28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.10 02:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.04.24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.05.23 23:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D645DA1C-3672-4AE1-AD32-6ADE02A88FD2} IE - HKLM\..\SearchScopes\{D645DA1C-3672-4AE1-AD32-6ADE02A88FD2}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.com?cs [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=9EA600215DEAB856 IE - HKCU\..\SearchScopes\{211C04C6-B620-4ECC-9FBE-9505793150E1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{D645DA1C-3672-4AE1-AD32-6ADE02A88FD2}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.449 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\tomislav\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.22 19:30:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 21:11:34 | 000,000,000 | ---D | M] [2013.04.04 16:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\Extensions [2013.04.04 16:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.06.30 20:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\Firefox\Profiles\noa2du0z.default\extensions [2009.07.25 10:03:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tomislav\AppData\Roaming\mozilla\Firefox\Profiles\noa2du0z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(463) [2013.02.09 16:57:59 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- 
C:\Users\tomislav\AppData\Roaming\mozilla\Firefox\Profiles\noa2du0z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2013.04.30 22:03:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\tomislav\AppData\Roaming\mozilla\Firefox\Profiles\noa2du0z.default\extensions\plugin@yontoo.com [2013.06.15 21:43:37 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.06.27 07:00:52 | 000,613,211 | ---- | M] () (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\extensions\toolbar@web.de.xpi [2013.06.15 21:40:42 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013.06.16 15:06:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.19 19:23:40 | 000,000,933 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\11-suche.xml [2013.05.01 22:59:03 | 000,006,473 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\babylon.xml [2011.12.19 19:23:40 | 000,002,419 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\englische-ergebnisse.xml [2011.12.19 19:23:40 | 000,010,525 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\gmx-suche.xml [2011.12.19 19:23:40 | 000,002,457 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\lastminute.xml [2009.05.29 04:50:28 | 000,001,768 | ---- | M] () -- 
C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\search-the-web.xml [2011.12.19 19:23:40 | 000,005,508 | ---- | M] () -- C:\Users\tomislav\AppData\Roaming\mozilla\firefox\profiles\noa2du0z.default\searchplugins\webde-suche.xml [2013.04.22 19:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.09.07 16:01:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.01.31 18:46:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2009.07.09 04:22:29 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2013.04.22 19:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2013.04.22 19:30:26 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de [2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.30 22:03:20 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - plugin: iTunes Application Detector (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Google Mail = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo 
Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No CLSID value found. O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tomislav\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47EC32AA-0CAF-4FF3-851D-D740A701FFDE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - 
C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1280x800.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1280x800.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4f501048-2c80-11de-8d29-001dbaae2071}\Shell - "" = AutoRun O33 - MountPoints2\{4f501048-2c80-11de-8d29-001dbaae2071}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{4f501048-2c80-11de-8d29-001dbaae2071}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{4f501048-2c80-11de-8d29-001dbaae2071}\Shell\install\command - "" = G:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.30 21:02:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tomislav\Desktop\OTL.exe [2013.06.30 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.30 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.30 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013.06.30 19:58:22 | 000,000,000 | ---D | C] -- C:\Users\tomislav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013.06.30 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.30 19:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009.05.21 
23:26:02 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe9704.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.30 21:15:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.30 21:06:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.30 21:05:27 | 000,040,960 | ---- | M] () -- C:\Users\tomislav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.30 21:02:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tomislav\Desktop\OTL.exe [2013.06.30 21:00:34 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.06.30 20:53:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.30 20:52:49 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 20:52:49 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.30 20:52:44 | 000,399,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.30 20:52:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.30 20:52:27 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys [2013.06.30 20:50:13 | 000,000,020 | ---- | M] () -- C:\Users\tomislav\defogger_reenable [2013.06.30 20:47:26 | 000,050,477 | ---- | M] () -- C:\Users\tomislav\Desktop\Defogger.exe [2013.06.30 20:02:56 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.30 19:58:22 | 000,001,017 | ---- | M] () -- C:\Users\tomislav\Desktop\Revo Uninstaller.lnk [2013.06.27 14:56:24 | 000,689,472 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.27 14:56:24 | 000,645,858 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.27 14:56:24 | 000,151,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.27 14:56:24 | 
000,122,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.27 07:19:40 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.12 14:02:22 | 000,145,412 | ---- | M] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION(2).PDF [2013.06.05 15:19:47 | 000,145,101 | ---- | M] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION(1).PDF [2013.06.05 14:22:48 | 000,145,101 | ---- | M] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION.PDF [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.30 20:52:29 | 000,399,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.30 20:49:46 | 000,000,020 | ---- | C] () -- C:\Users\tomislav\defogger_reenable [2013.06.30 20:47:25 | 000,050,477 | ---- | C] () -- C:\Users\tomislav\Desktop\Defogger.exe [2013.06.30 20:02:56 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.30 19:58:22 | 000,001,017 | ---- | C] () -- C:\Users\tomislav\Desktop\Revo Uninstaller.lnk [2013.06.12 14:02:16 | 000,145,412 | ---- | C] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION(2).PDF [2013.06.05 15:19:47 | 000,145,101 | ---- | C] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION(1).PDF [2013.06.05 14:22:47 | 000,145,101 | ---- | C] () -- C:\Users\tomislav\Desktop\RES CONFIRMATION.PDF [2012.01.31 18:53:45 | 000,017,408 | ---- | C] () -- C:\Users\tomislav\AppData\Local\WebpageIcons.db [2011.08.30 13:34:56 | 000,005,810 | ---- | C] () -- C:\Users\tomislav\.recently-used.xbel [2009.08.24 23:52:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.05.04 07:44:03 | 000,000,235 | ---- | C] () -- C:\Users\tomislav\AppData\Roaming\devices.xml [2009.05.04 07:44:03 | 000,000,012 | ---- | C] () -- C:\Users\tomislav\AppData\Roaming\settings.xml [2009.04.19 03:50:15 | 000,040,960 | ---- | C] () -- C:\Users\tomislav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.19 02:36:08 | 000,002,032 | ---- | C] () -- 
C:\Users\tomislav\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.20 20:52:53 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\.minecraft [2009.04.19 03:45:53 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Ashampoo [2013.06.30 20:08:48 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Azureus [2013.04.30 22:03:14 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Babylon [2009.04.23 00:24:00 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Canneverbe_Limited [2009.04.19 03:25:46 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\DAEMON Tools [2013.06.30 20:10:16 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\DAEMON Tools Lite [2009.04.19 03:25:46 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\DAEMON Tools Pro [2010.06.28 17:56:36 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\DVDVideoSoftIEHelpers 
[2013.01.26 06:58:19 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\elsterformular
[2010.12.27 20:45:31 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Epson
[2010.03.16 17:16:49 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Facebook
[2011.08.30 13:34:56 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\gtk-2.0
[2012.09.03 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\log
[2013.05.28 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\PCCUStubInstaller
[2009.06.15 16:51:28 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\PlayFirst
[2013.04.04 16:53:06 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\TomTom
[2009.04.19 04:07:01 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\TuneUp Software
[2013.05.02 15:22:14 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\VSO
[2013.06.30 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\tomislav\AppData\Roaming\Yontoo

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\Users\tomislav\Desktop\SSL25762 [Desktop Auflösung].JPG:VsoSummaryInformation
@Alternate Data Stream - 85 bytes -> C:\Users\tomislav\Desktop\SSL25759 [Desktop Auflösung].JPG:VsoSummaryInformation

< End of report >

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.06.2013 21:04:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tomislav\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 54,29% Memory free 6,14 Gb Paging File | 4,60 Gb Available in Paging File | 74,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,07 Gb Total Space | 119,59 Gb Free Space | 53,61% Space Free | Partition Type: NTFS Computer Name: TOMISLAV-PC | User Name: tomislav | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27977C34-FF4B-454D-BE17-C18D63049BC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{47DAE14D-2FF6-45B7-B559-71D097758084}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{BDFE7AE0-8149-4784-9E07-DD0308589D0F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F10490A3-9BC0-4BEE-BB72-74E5EE10E23E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FE45AD25-A552-468F-BB0C-0438451D073C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{29488719-B77B-43D3-929C-0C35AC318253}" = dir=in | app=c:\program files\itunes\itunes.exe | "{2BFBB0AB-4A25-4828-8341-F076157C08AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{38C2D92D-0008-4D7C-AFFC-FF88B3D5DB24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{631D0324-6A26-4A06-A66A-DB07B620ADCC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{73F58DB8-26AF-4147-986A-40E82C91B7F2}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{78DF7B8F-DCE9-4280-95FB-842023B01CB0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{79F99F8F-0E50-422B-839F-92EE12E5266C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{94B8705B-2ACC-4982-97BA-6BFE4C8B708B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{ACF0084A-D7E7-45FA-BA02-BF76FC184BCA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{AE69F14F-654B-42EA-B256-F3A3A38FCCCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{CE1EBF7D-E293-4A7D-BBC6-8699D6A26F4B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{DC9AD4CB-7661-4BFE-A185-5EBB06C76A70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F653BCA5-6899-4F53-9D31-CD0EAEBDFC81}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FD0106C1-9BF1-4522-9AE2-C9460F66F870}" = protocol=6 | dir=in | app=c:\windows\temp\~os6b70.tmp\rlvknlg.exe | "TCP Query User{388AC712-9E35-45A5-B455-19F651C2CA14}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{830ED324-2D54-4BD9-928B-F096404290BC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe | "TCP Query User{A4E269FD-0F64-472E-8901-5032927D80F8}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{B9D400C6-5CB7-4226-9D9D-02133CB60495}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{F5C806A0-36FD-42C4-A89B-BF951D3978D8}C:\programdata\kaspersky lab setup 
files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | "UDP Query User{1EBD1D78-5F44-4381-8591-E90E548420CB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{24177D00-2191-42D6-9DB5-1B8AED9BEE80}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | "UDP Query User{B6B128BD-E5EB-4626-A343-A07E5327C296}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{D9F85A9F-D0D0-4FE5-8F46-BF4AD2A3CF3E}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe | "UDP Query User{F7A3F09C-93F8-4C52-90E4-A8385EE3B9F8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = 
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German "{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus "{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager "{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live 
UX Platform Language Pack "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.0.4d "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23 "{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light "{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi-Software "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese "{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista "{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager "{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish "{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech "{7B63B2922B174135AFC0E1377DD81EC2}" 
= DivX Codec "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting "{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish "{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish "{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052 "{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail 
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding "{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation "{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean "{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure 
Module 5.1.00 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian "{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New "{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish "{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French "{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese "{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard "{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 "{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker 
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian "{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish "{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English "{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009 "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "dt icon module" = "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall "EPSON SX125 Series Manual" = 
EPSON SX125 Series Handbuch "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3 "Free FLV Converter_is1" = Free FLV Converter V 6.6.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5 "GhostMouse 2.0" = GhostMouse 2.0 "Google Chrome" = Google Chrome "InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23 "InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Basic) "MarketingTools" = VAIO Marketing Tools "McAfee Security Scan" = McAfee Security Scan Plus "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Norton PC Checkup_is1" = Norton PC Checkup "Picasa2" = Picasa 2 "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "QuickTime" = QuickTime "Revo Uninstaller" = Revo Uninstaller 1.94 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Unlocker" = Unlocker 1.9.0 "VAIO Help and Support" = "Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only) "VLC media player" = VLC media player 1.1.4 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.1 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = 
Facebook Plug-In ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.06.2013 09:20:29 | Computer Name = tomislav-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2013 13:59:22 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:04:00 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:05:47 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:12:52 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:17:48 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:22:21 | Computer Name = tomislav-PC | Source = VSS | ID = 8194 Description = Error - 30.06.2013 14:24:23 | Computer Name = tomislav-PC | Source = MsiInstaller | ID = 11310 Description = Error - 30.06.2013 14:54:07 | Computer Name = tomislav-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2013 14:54:53 | Computer Name = tomislav-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) [ OSession Events ] Error - 11.08.2010 15:53:25 | Computer Name = tomislav-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 07.05.2011 12:28:01 | Computer Name = tomislav-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 31.05.2011 09:21:06 | Computer Name = tomislav-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.08.2011 22:03:25 | Computer Name = tomislav-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 19.04.2009 12:57:48 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2009 19:19:01 | Computer Name = tomislav-PC | Source = DCOM | ID = 10005 Description = Error - 19.04.2009 19:19:01 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7009 Description = Error - 19.04.2009 19:19:01 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2009 19:19:01 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7009 Description = Error - 19.04.2009 19:19:01 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2009 19:21:47 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7009 Description = Error - 19.04.2009 19:21:47 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2009 19:21:48 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7009 Description = Error - 19.04.2009 19:21:48 | Computer Name = tomislav-PC | Source = Service Control Manager | ID = 7000 Description = [ TuneUp Events ] Error - 20.11.2012 13:48:12 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID 
= 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-20 18:48:12', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 21.11.2012 03:50:07 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-21 08:50:07', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 21.11.2012 14:06:45 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-21 19:06:45', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 22.11.2012 10:37:18 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-22 15:37:18', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 22.11.2012 15:30:41 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID 
= 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-22 20:30:41', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 23.11.2012 02:16:22 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-23 07:16:22', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 23.11.2012 09:10:41 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-23 14:10:40', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 24.11.2012 09:18:00 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-24 14:18:00', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 24.11.2012 18:55:12 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID 
= 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-24 23:55:12', 3, Resumed FROM ActiveApps;DELETE FROM ActiveApps Error - 25.11.2012 09:42:37 | Computer Name = tomislav-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: database disk image is malformed; when executing SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2012-11-25 14:42:37', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps < End of report > Edited by karato (30.06.2013 at 21:39) |
30.06.2013, 21:55 | #2 |
/// Malwareteam / Visitor | pc slow, firefox won't open right away... I am smeenk and I will try to help you. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
|
30.06.2013, 23:10 | #3 |
| pc slow, firefox won't open right away... Hello Smeenk,
I get the following text.
Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by tomislav on 01.07.2013 at 0:08:35,82.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
zoek.hta failed by unknown error.
Restart computer, and try again.
If this error returns, use another tool.
It worked on the second attempt. Code:
ATTFilter Zoek.exe Version 4.0.0.3 Updated 27-June-2013 Tool run by tomislav on 01.07.2013 at 0:26:29,22. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results01.07.2013-0009.log 397 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\RtkAudioService.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\taskeng.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe 
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe C:\Program Files\sony\Network Utility\NSUService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files\sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Windows\system32\DllHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\tomislav\AppData\Roaming\Yontoo\YontooDesktop.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Users\tomislav\Desktop\zoek.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss 
C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default ---- Lines CT2438727 removed from prefs.js ---- user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT2438727.CTID", "CT2438727"); user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0"); user_pref("CT2438727.CurrentServerDate", "4-5-2010"); user_pref("CT2438727.DialogsAlignMode", "LTR"); user_pref("CT2438727.FirstServerDate", "27-11-2009"); user_pref("CT2438727.FirstTime", true); user_pref("CT2438727.FirstTimeFF3", true); user_pref("CT2438727.GroupingInvalidateCache", false); user_pref("CT2438727.GroupingLastCheckTime", "0"); user_pref("CT2438727.GroupingLastServerUpdateTime", "0"); user_pref("CT2438727.GroupingServerCheckInterval", 1440); user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT2438727.Initialize", true); user_pref("CT2438727.InitializeCommonPrefs", true); user_pref("CT2438727.InstalledDate", "Fri Nov 27 2009 07:36:21 GMT+0100"); user_pref("CT2438727.InvalidateCache", false); user_pref("CT2438727.IsGrouping", false); user_pref("CT2438727.IsMulticommunity", false); user_pref("CT2438727.IsOpenThankYouPage", true); user_pref("CT2438727.IsOpenUninstallPage", true); 
user_pref("CT2438727.LanguagePackLastCheckTime", "Tue May 04 2010 17:03:58 GMT+0200"); user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440); user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT2438727.LastLogin_2.5.2.4", "Sun Apr 25 2010 01:20:43 GMT+0200"); user_pref("CT2438727.LastLogin_2.5.8.6", "Tue May 04 2010 17:03:57 GMT+0200"); user_pref("CT2438727.LatestVersion", "2.1.0.18"); user_pref("CT2438727.Locale", "en"); user_pref("CT2438727.LoginCache", 4); user_pref("CT2438727.MCDetectTooltipHeight", "83"); user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2438727.MCDetectTooltipWidth", "295"); user_pref("CT2438727.RadioLastCheckTime", "0"); user_pref("CT2438727.RadioLastUpdateIPServer", "0"); user_pref("CT2438727.RadioLastUpdateServer", "0"); user_pref("CT2438727.SHRINK_TOOLBAR", 1); user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1"); user_pref("CT2438727.SearchFromAddressBarIsInit", true); user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="); user_pref("CT2438727.SearchInNewTabEnabled", true); user_pref("CT2438727.SearchInNewTabIntervalMM", 1440); user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue May 04 2010 17:03:58 GMT+0200"); user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); user_pref("CT2438727.SettingsCheckIntervalMin", 120); user_pref("CT2438727.SettingsLastCheckTime", "Tue May 04 2010 17:03:57 GMT+0200"); user_pref("CT2438727.SettingsLastUpdate", "1272193463"); user_pref("CT2438727.ThirdPartyComponentsInterval", 504); 
user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Fri Apr 16 2010 10:24:27 GMT+0200"); user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1269281492"); user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); user_pref("CT2438727.UserID", "UN44340014867871162"); user_pref("CT2438727.ValidationData_Toolbar", 2); user_pref("CT2438727.alertChannelId", "832836"); user_pref("CT2438727.clientLogIsEnabled", false); user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2438727.myStuffEnabled", true); user_pref("CT2438727.myStuffPublihserMinWidth", 400); user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2438727.myStuffServiceIntervalMM", 1440); user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CommunityToolbar.ToolbarsList", "CT2438727"); user_pref("CommunityToolbar.ToolbarsList2", "CT2438727"); ---- Lines CT2438727 modified from prefs.js ---- ---- Lines CT2438727 removed from user.js ---- ---- Lines conduit removed from prefs.js ---- user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); ---- Lines conduit modified from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines asktb removed from prefs.js ---- user_pref("extensions.snipit.askTbInstalled", true); ---- Lines asktb modified from prefs.js ---- ---- Lines asktb removed from user.js ---- ---- Lines y2layers removed from prefs.js ---- 
user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "f467f040-3ed8-4893-a6bd-aeaae12c7e4e");
---- Lines y2layers modified from prefs.js ----
---- Lines y2layers removed from user.js ----
user_pref("yahoo.homepage.dontask", true);user_pref("extentions.y2layers.installId", "f467f040-3ed8-4893-a6bd-aeaae12c7e4e");
user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
---- Lines yontoo removed from prefs.js ----
---- Lines yontoo modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1246523094764},\"virtualKeyboard@kaspersky.ru\":{\"descriptor\":\"C:\\\\Program Files\\\\Kaspersky Lab\\\\Kaspersky Anti-Virus 2012\\\\FFExt\\\\virtualKeyboard@kaspersky.ru\",\"mtime\":1351508695864},\"linkfilter@kaspersky.ru\":{\"descriptor\":\"C:\\\\Program Files\\\\Kaspersky Lab\\\\Kaspersky Anti-Virus 2012\\\\FFExt\\\\linkfilter@kaspersky.ru\",\"mtime\":1351508695842}}},{\"name\":\"app-global\",\"addons\":{\"linkfilter@kaspersky.ru_bak2\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\linkfilter@kaspersky.ru_bak2\",\"mtime\":1328028413397},\"search@searchsettings.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\search@searchsettings.com\",\"mtime\":1247106149605},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1366651826083},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1347026494201}}},{\"name\":\"app-profile\",\"addons\":{\"adblockpopups@jessehakanen.net\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\adblockpopups@jessehakanen.net.xpi\",\"mtime\":1371325417568},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1367352216129},\"toolbar@web.de\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\toolbar@web.de.xpi\",\"mtime\":1372309252577},\"{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi\",\"mtime\":1371325242088},\"{7b13ec3e-999a-4b70-b9cb-2617b8323822}\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\",\"mtime\":1360421879511},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\tomislav\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\noa2du0z.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1371387988139}}}]");
---- Lines yontoo removed from user.js ----
---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Mar 11 2010 16:37:25 GMT+0100");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 11 2010 07:05:23 GMT+0100");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{30860e12-a9bd-4853-b95f-bb2c8b903a53}");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=60089&ei=utf-8&yahoo_domain=search.yahoo.com&p=");
---- Lines CommunityToolbar modified from prefs.js ----
---- Lines CommunityToolbar removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user__0035_.backup
prefs__0035_.backup

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-

==== Deleting Files \ Folders ======================
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Users\Public\sdelevURL.tmp" deleted
"C:\ProgramData\hpe9704.dll" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\searchplugins\babylon.xml" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\searchplugins\search-the-web.xml" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\bProtector_extensions.rdf" deleted
"C:\Users\tomislav\AppData\Roaming\Yontoo\YontooDesktop.exe" deleted
"C:\Users\tomislav\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll" deleted
"C:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files\Yontoo" deleted
"C:\Program Files\Conduit" deleted
"C:\Users\tomislav\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"C:\Users\tomislav\AppData\Roaming\Babylon" deleted
"C:\Users\tomislav\AppData\Roaming\Yontoo" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\tomislav\AppData\LocalLow\Delta" deleted
"C:\Users\tomislav\AppData\LocalLow\Conduit" deleted
"C:\Users\tomislav\AppData\LocalLow\Search Settings" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\CT2438727" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\CT2438727" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\conduit" deleted
"C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\extensions\plugin@yontoo.com" deleted
"C:\Users\tomislav\AppData\Roaming\Yontoo\dat" deleted

==== System Specs ======================
Windows: Windows XP Home Edition Service Pack 2 (Build 2600)
Memory (RAM): 3039 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
CPU Speed: 2013,4 MHz
Sound Card: Lautsprecher/Kopfhörer (Realtek |
Display Adapters: ATI Mobility Radeon HD 3430 | ATI Mobility Radeon HD 3430 | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Intel(R) WiFi Link 5100 AGN | Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (F: | ) F: PIONEER DVD-RW DVRTD08
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 223,1GB
Hard Disks - Free: C: 119,1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/09/08 | Sony - 20080918
Time Zone: Mitteleuropäische Zeit
Motherboard *: Sony Corporation VAIO
Internet Explorer Version: 7.0.6002.18005
Sun Java version: 1.7.0_21
Country: Deutschland
Language: DEU

==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-06-30 20:30:45 00DA230F5E53F2E76C5296E9A7BC6ACA 475449745 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\tomislav\AppData\Local\Temp ====
2013-06-30 18:04:23 F3A10836603E03A28CAF404B29328F92 394320 ----a-w- C:\Users\tomislav\AppData\Local\Temp\uninst1.exe
2013-06-30 17:06:03 03EF087BE6876AB29AAF8F48391037A4 45217872 ----a-w- C:\Users\tomislav\AppData\Local\Temp\SHSetup.exe
====== C:\Windows\system32 =====
2013-06-30 18:52:29 D6C0B7DAC6C4471E86F6A57BB0871DF9 399344 ----a-w- C:\Windows\System32\FNTCACHE.DAT
====== C:\Windows\system32\drivers =====
2013-06-11 21:53:50 548E198BAE21EFC21F8B5F0C1728AD27 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
====== C:\Windows\Tasks ======
2013-06-30 22:26:23 4992A9048E8140F9DC4D37E9061023BE 3044 ----a-w- C:\Windows\system32\Tasks\{1317B672-A152-4298-8D12-CF8C186EDEAA}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-06-30 17:58:22 -------- d-----w- C:\Program Files\VS Revo Group
2013-06-30 17:08:08 -------- d-----w- C:\Program Files\Enigma Software Group
2013-06-30 17:06:44 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
======= C: =====
====== C:\Users\tomislav\AppData\Roaming ======
2013-06-30 18:54:16 62E5B21ABD8A24C485ADBBD5F71BC0B9 108128 ----a-w- C:\users\tomislav\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-30 17:58:22 -------- d-----w- C:\users\tomislav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
====== C:\Users\tomislav ======
2013-06-30 20:02:13 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\tomislav\Desktop\gmer_2.1.19163.exe
2013-06-30 19:02:46 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\tomislav\Desktop\OTL.exe
2013-06-30 18:49:46 F7C5B5C74D69EEA3549E3C6A8FD859B0 20 ----a-w- C:\Users\tomislav\defogger_reenable
2013-06-30 18:47:25 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\tomislav\Desktop\Defogger.exe
====== C: exe-files ==
2013-06-30 20:02:13 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\tomislav\Desktop\gmer_2.1.19163.exe
2013-06-30 19:02:46 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\tomislav\Desktop\OTL.exe
2013-06-30 19:02:11 F76EAAC80F4A027EFCD16B85CD21F29D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2861547508-2184014260-3141022536-1003\$IHXG3VH.exe
2013-06-30 18:47:25 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\tomislav\Desktop\Defogger.exe
2013-06-30 18:04:23 F3A10836603E03A28CAF404B29328F92 394320 ----a-w- C:\Users\tomislav\AppData\Local\Temp\uninst1.exe
2013-06-30 18:02:13 0B18480A1813A3A817CD8C6F3B2A49C0 4396440 ----a-w- C:\$Recycle.Bin\S-1-5-21-2861547508-2184014260-3141022536-1003\$RHXG3VH.exe
2013-06-30 17:58:23 C91D2962373AE6B473C61C1F4B3596BD 87544 ----a-w- C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
2013-06-30 17:50:22 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP\WiseCustomCalla18.exe
2013-06-30 17:06:53 3EA9770BD2DC4F270E00AEDA2B6D640E 180902 ----a-w- C:\Windows\E89498D814304A2BA76A4A71326981E9.TMP\WiseCustomCalla22.exe
2013-06-30 17:06:03 03EF087BE6876AB29AAF8F48391037A4 45217872 ----a-w- C:\Users\tomislav\AppData\Local\Temp\SHSetup.exe
2013-06-27 05:15:21 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Skytel"="Skytel.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AppleSyncNotifier"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="\"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX125 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX125 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIGGE.EXE /FU \"C:\\Windows\\TEMP\\E_S9C98.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileDocuments" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NSUFloatingUI] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NSUFloatingUI" "hkey"="HKCU" "command"="\"C:\\Program Files\\Sony\\Network Utility\\LANUtil.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program 
Files\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="RtHDVCpl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SearchSettings" "hkey"="HKLM" "command"="C:\\Program Files\\Search Settings\\SearchSettings.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony Ericsson PC Suite" "hkey"="HKCU" "command"="\"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yontoo Desktop" "hkey"="HKCU" "command"="\"C:\\Users\\tomislav\\AppData\\Roaming\\Yontoo\\YontooDesktop.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk" "backup"="C:\\Windows\\pss\\hpoddt01.exe.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe " "item"="hpoddt01.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\MCAFEE~1\\30D80A~1.285\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "ISBMgr.exe"="\"C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe\"" "MarketingTools"="C:\\Program Files\\Sony\\Marketing Tools\\MarketingTools.exe" "GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\1-Klick-Wartung.job --a------ C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [15.07.2009 12:07] C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.06.2013 01:06] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25.03.2013 18:05] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25.03.2013 18:05] ==== Firefox Extensions ====================== ProfilePath: C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}(463) - Zynga Community 
Toolbar - %ProfilePath%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi - Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru_bak2 - Search Settings Plugin - %AppDir%\extensions\search@searchsettings.com - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash 3D928B3FE97C403A33F803B3D1A260C9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat 8F24103AB984847AA2939F58F19CCC98 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21 E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In 6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director 443A798C8F392A4BF6664719A3EE09F0 - C:\Program 
Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 443A798C8F392A4BF6664719A3EE09F0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 23748B1E486965DE08047401D0DED1A5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 23748B1E486965DE08047401D0DED1A5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 0C26352177343024AE09FAC7D37DC8DD - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 0C26352177343024AE09FAC7D37DC8DD - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 25507654E2246122F42F719B9B778095 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 25507654E2246122F42F719B9B778095 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 FD9A4AF98F46E8E97510807F41AE3D08 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 FD9A4AF98F46E8E97510807F41AE3D08 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 E4596D149E2BD2C5640CBA49020C18A4 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 E4596D149E2BD2C5640CBA49020C18A4 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 12F23B87BB0D2BFAEF112524B58DBC25 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 12F23B87BB0D2BFAEF112524B58DBC25 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 D28AD1CB902AC6D228532812D3850C7D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery 31DA97B4682187C6639BBE2215814FDA - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox D94C362E750F8C283BF52537D3DF28B5 - C:\Users\tomislav\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll - Facebook Plugin E93467C5327C2760FCAB2B4670847496 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin E93467C5327C2760FCAB2B4670847496 - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin 1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Web Player 1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - DivX Web Player AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin 9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system 2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight ==== Deleting Files \ Folders ====================== "C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\urladvisor.crx[02.05.2012 13:55] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 
2012\ChromeExt\virtkbd.crx[02.05.2012 13:55] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx[25.04.2011 21:14] Google Docs - tomislav - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - tomislav - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - tomislav - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - tomislav - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - tomislav - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj Virtual Keyboard - tomislav - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh Gmail - tomislav - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Anti-Banner - tomislav - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" "Default_Page_URL"="hxxp://www.club-vaio.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://www.club-vaio.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://www.google.de/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {211C04C6-B620-4ECC-9FBE-9505793150E1} Yahoo//de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D645DA1C-3672-4AE1-AD32-6ADE02A88FD2} Google Url="hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully ==== HijackThis Entries ====================== R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tomislav\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} 
- (no file) O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. 
- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\tomislav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\tomislav\AppData\Local\Mozilla\Firefox\Profiles\noa2du0z.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\tomislav\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\tomislav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on 01.07.2013 at 0:45:52,83 ====================== Edited by karato (30.06.2013 at 23:56) |
01.07.2013, 07:05 | #4 |
/// Malwareteam / Visitor | PC slow, Firefox doesn't open right away... Great that it worked :}
Please download AdwCleaner to your desktop.
|
01.07.2013, 15:46 | #5 |
| PC slow, Firefox doesn't open right away... Hello Smeenk, Code:
ATTFilter Zoek.exe Version 4.0.0.3 Updated 27-June-2013 Tool run by tomislav on 01.07.2013 at 14:40:43,16. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results01.07.2013-0009.log 397 bytes C:\zoek-results01.07.2013-0045.log 50565 bytes ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings] ==== Deleting Files \ Folders ====================== "C:\Program Files\Search Settings" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}(463) - Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de.xpi - Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru_bak2 - Search Settings Plugin - %AppDir%\extensions\search@searchsettings.com - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash 3D928B3FE97C403A33F803B3D1A260C9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update 
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat 8F24103AB984847AA2939F58F19CCC98 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21 E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In 6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director 443A798C8F392A4BF6664719A3EE09F0 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 443A798C8F392A4BF6664719A3EE09F0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 23748B1E486965DE08047401D0DED1A5 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 23748B1E486965DE08047401D0DED1A5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 0C26352177343024AE09FAC7D37DC8DD - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 0C26352177343024AE09FAC7D37DC8DD - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 25507654E2246122F42F719B9B778095 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 25507654E2246122F42F719B9B778095 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 FD9A4AF98F46E8E97510807F41AE3D08 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 FD9A4AF98F46E8E97510807F41AE3D08 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 E4596D149E2BD2C5640CBA49020C18A4 - 
C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 E4596D149E2BD2C5640CBA49020C18A4 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 12F23B87BB0D2BFAEF112524B58DBC25 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 12F23B87BB0D2BFAEF112524B58DBC25 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 D28AD1CB902AC6D228532812D3850C7D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 31DA97B4682187C6639BBE2215814FDA - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox D94C362E750F8C283BF52537D3DF28B5 - C:\Users\tomislav\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll - Facebook Plugin E93467C5327C2760FCAB2B4670847496 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin E93467C5327C2760FCAB2B4670847496 - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin 1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Web Player 1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - DivX Web Player AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin 9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system 
2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight ==== Deleting Files \ Folders ====================== "C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com" deleted ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2861547508-2184014260-3141022536-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully ==== EOF on 01.07.2013 at 14:43:38,68 ====================== Code:
ATTFilter # AdwCleaner v2.303 - Datei am 01/07/2013 um 16:49:51 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : tomislav - TOMISLAV-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\tomislav\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\tomislav\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Datei Gelöscht : C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\searchplugins\11-suche.xml Ordner Gelöscht : C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\FCTB ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\52538fdfb23fbe14 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\79CAA1B036589D14EA74856E2A220F1E Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchSettings.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchSettings.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DomaIQ Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6002.18005 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0 (de) Datei : C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\prefs.js C:\Users\tomislav\AppData\Roaming\Mozilla\Firefox\Profiles\noa2du0z.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.ClearCacheDate", 27); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.helpUsImprove", true); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.hideOthers", false); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.processAddrBar", true); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.restoreSearch", false); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.searchHistory", true); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.showFirstLaunchOptions", false); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.tb_lang", "en"); Gelöscht : user_pref("freecause8635b6a9854d4d28a1a0ccd2bb605e51.yahooSearch", true); -\\ Google Chrome v27.0.1453.116 Datei : C:\Users\tomislav\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [4969 octets] - [01/07/2013 16:49:51] ########## EOF - C:\AdwCleaner[S1].txt - [5029 octets] ########## Edited by karato (01.07.2013 at 15:55) |
01.07.2013, 16:11 | #6 |
/// Malwareteam / Visitor | PC slow, Firefox doesn't open right away... Let's continue. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download SecurityCheck and:
|
02.07.2013, 18:12 | #7 |
| PC slow, Firefox doesn't open right away... Hello Smeenk, thanks a lot so far. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.01.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 tomislav :: TOMISLAV-PC [administrator] 01.07.2013 18:24:49 mbar-log-2013-07-01 (18-24-49).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 222475 Time elapsed: 22 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Anti-Virus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2009 CCleaner Java(TM) 6 Update 35 Java 7 Update 21 Java(TM) 6 Update 7 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 20.0 Firefox out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Windows Defender MSASCui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
05.07.2013, 15:27 | #8 |
/// Malwareteam / Visitor | PC slow, Firefox doesn't open right away... Run this check: https://www.mozilla.org/de/plugincheck/ Have any outdated plugins updated. Afterwards, create a new Security Check log file and please post it here. |
05.07.2013, 17:14 | #9 |
| PC slow, Firefox doesn't open right away... Hello Smeenk, Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Anti-Virus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2009 CCleaner Java(TM) 6 Update 35 Java 7 Update 25 Java(TM) 6 Update 7 Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Kaspersky Lab Kaspersky Anti-Virus 2012 avp.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Windows Defender MSASCui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
05.07.2013, 18:22 | #10 |
/// Malwareteam / Visitor | PC slow, Firefox doesn't open right away... It looks great again. Do you still notice any problems? |