| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Redirect VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.07.2013, 17:36
| #1 |
 |  Google Redirect Virus Hallo zusammen, ich vermute, ich habe einen Suchmaschinen Redirect Virus, mein normaler Virenscanner (AntiVir) schlägt dabei leider nicht an. Ich bin daher froh dieses Forum gefunden zu haben und hoffe ihr könnt mir helfen, da der Rechner so für mich kaum noch nutzbar ist. Defogger habe ich installiert und aktiviert. Hier der Inhalt der OTL.txt OTL logfile created on: 28.07.2013 17:23:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sony\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,24% Memory free 7,71 Gb Paging File | 5,14 Gb Available in Paging File | 66,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,32 Gb Total Space | 378,47 Gb Free Space | 83,67% Space Free | Partition Type: NTFS Computer Name: SONY-VAIO | User Name: Sony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.07.28 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sony\Downloads\OTL.exe PRC - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe PRC - [2013.07.26 22:30:31 | 001,558,480 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe PRC - [2013.07.18 20:14:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.18 20:14:15 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.07.18 20:14:13 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013.06.19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.25 08:43:04 | 002,620,016 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe PRC - [2012.12.12 14:53:32 | 001,074,376 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2012.12.12 14:53:32 | 000,884,936 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2012.11.05 10:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe PRC - [2011.10.29 08:19:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.06.08 23:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.06.01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2008.08.25 12:29:52 | 000,225,280 | ---- | M] (Funkwerk Enterprise Communications GmbH) -- C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe ========== Modules (No Company Name) ========== MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.02.13 15:49:05 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll MOD - [2013.02.13 15:17:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.02.13 14:12:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.10 11:28:14 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll MOD - [2013.01.10 11:28:12 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll MOD - [2013.01.10 11:26:35 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll MOD - [2013.01.10 11:26:24 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll MOD - [2013.01.10 11:26:24 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.10 11:26:23 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll MOD - [2013.01.10 11:26:23 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll MOD - [2013.01.10 11:26:22 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll MOD - [2013.01.10 11:26:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.10 11:25:52 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 11:23:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll MOD - [2013.01.10 11:04:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 11:04:16 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.10 11:04:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.10 11:03:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.10 11:03:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.10 11:03:51 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.10 11:03:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013.01.09 22:28:02 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll MOD - [2013.01.09 22:27:49 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll MOD - [2013.01.09 22:27:49 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll MOD - [2013.01.09 22:27:41 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013.01.09 22:27:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.09 22:27:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll MOD - [2013.01.09 22:27:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.09 22:27:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.09 22:27:31 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.09 22:27:26 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.11.05 10:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe MOD - [2012.08.06 11:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll MOD - [2010.11.11 11:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll MOD - [2010.07.29 23:05:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.29 23:05:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.07.13 15:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll MOD - [2010.07.05 11:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll MOD - [2010.06.24 03:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll MOD - [2010.06.02 07:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll MOD - [2010.06.02 04:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll MOD - [2010.06.02 04:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll MOD - [2010.06.02 04:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll MOD - [2010.06.02 04:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.12.01 22:47:50 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013.07.19 08:47:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.18 20:14:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.18 20:14:23 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.07.18 20:14:15 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.06.20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.25 08:43:04 | 002,620,016 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.07.29 13:22:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.07.18 20:14:59 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.07.18 20:14:59 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.06.18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013.06.13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2013.02.21 14:44:14 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.02.12 16:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.11.15 21:06:04 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.05 12:25:28 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.31 23:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=& IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_deDE412DE412 IE - HKCU\..\SearchScopes\{C3961666-4863-431B-8216-70911F101CDA}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\..\SearchScopes\{CF856E5B-561E-465E-8CB1-A1B9646D46C1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{DCF6A7EE-08F2-45F4-B7CE-013965687E94}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=30914DF7-E8FE-405D-9DD1-261D5AE7163A&apn_sauid=8BE26948-9CA5-4635-9AF2-D6B6AD5AA66C IE - HKCU\..\SearchScopes\{E0D8CAF3-3C12-4334-AB96-3940DA527B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 08:19:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.18 20:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Extensions [2013.07.28 07:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions [2013.07.26 20:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\wb55tb9o.default\extensions [2013.07.26 20:54:09 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\wb55tb9o.default\extensions\ffxtlbr@zonealarm.com [2013.07.26 22:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013.03.21 09:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\wb55tb9o.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.j s [2013.07.26 20:41:15 | 000,001,502 | ---- | M] () -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\wb55tb9o.default\searchplugins\zonealarm.xml [2013.07.18 20:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.18 20:27:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=& O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe () O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1b9b91c3-1af6-11e0-8fe8-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{1b9b91c3-1af6-11e0-8fe8-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2255c756-1bdd-11e0-bfda-544249ef2dcf}\Shell - "" = AutoRun O33 - MountPoints2\{2255c756-1bdd-11e0-bfda-544249ef2dcf}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2255c75a-1bdd-11e0-bfda-544249ef2dcf}\Shell - "" = AutoRun O33 - MountPoints2\{2255c75a-1bdd-11e0-bfda-544249ef2dcf}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c1604838-18a2-11e0-9ceb-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{c1604838-18a2-11e0-9ceb-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c160483d-18a2-11e0-9ceb-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{c160483d-18a2-11e0-9ceb-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.28 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner [2013.07.28 13:38:33 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\DoNotTrackPlus [2013.07.28 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.07.28 07:07:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.26 21:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.07.26 20:46:09 | 000,458,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2013.07.26 20:45:56 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.07.26 20:45:56 | 000,089,944 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.07.26 20:45:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.07.26 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013.07.26 20:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2013.07.26 20:41:01 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD [2013.07.26 20:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2013.07.26 20:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013.07.26 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Sony\4.0 [2013.07.26 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\Sony\.tfo4 [2013.07.19 09:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.07.19 08:48:47 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\Macromedia [2013.07.19 08:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.07.19 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.07.18 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\Mozilla [2013.07.18 20:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.07.18 20:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.18 20:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Avira [2013.07.18 20:23:59 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.07.18 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\AskPartnerNetwork [2013.07.18 20:17:06 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Mozilla [2013.07.18 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork [2013.07.18 20:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork [2013.07.18 20:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.07.18 20:15:48 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.07.18 20:15:48 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.07.18 20:15:48 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.07.18 20:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.07.18 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.07.16 09:54:41 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\QuickScan [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.28 16:56:10 | 000,000,000 | ---- | M] () -- C:\Users\Sony\defogger_reenable [2013.07.28 16:53:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.28 16:42:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.28 16:42:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.28 16:42:15 | 001,615,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.28 16:42:15 | 000,697,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.28 16:42:15 | 000,652,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.28 16:42:15 | 000,148,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.28 16:42:15 | 000,121,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.28 16:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.28 16:34:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.28 16:34:51 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Ovoquq.job [2013.07.28 16:34:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.28 16:34:05 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2013.07.26 21:34:22 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.07.26 20:50:57 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.07.26 20:45:03 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\Firewall.lnk [2013.07.19 09:29:52 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.07.19 09:29:52 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.07.18 20:27:32 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.18 20:23:59 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.07.18 20:16:55 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.07.18 20:14:59 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.07.18 20:14:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.07.18 20:14:59 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.30 17:32:54 | 000,233,472 | RHS- | M] () -- C:\Windows\SysWow64\KBDVNTCU.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.28 16:56:10 | 000,000,000 | ---- | C] () -- C:\Users\Sony\defogger_reenable [2013.07.26 20:46:24 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.07.26 20:45:03 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Firewall.lnk [2013.07.19 08:48:06 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.07.19 08:48:06 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.07.18 20:27:32 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.18 20:27:32 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.18 20:16:07 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.30 17:32:54 | 000,233,472 | RHS- | C] () -- C:\Windows\SysWow64\KBDVNTCU.dll [2013.06.30 17:32:54 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Ovoquq.job [2012.12.25 21:41:05 | 000,005,632 | ---- | C] () -- C:\Users\Sony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.25 19:17:48 | 000,000,581 | ---- | C] () -- C:\Users\Sony\AppData\Local\cookies.ini [2012.06.20 20:33:22 | 000,000,086 | ---- | C] () -- C:\Windows\Map Viewer.INI [2011.07.30 15:19:40 | 000,000,000 | ---- | C] () -- C:\Users\Sony\AppData\Local\{E64E0D98-2AA3-4C4D-8F98-EE5EB72D3A3A} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.26 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Auslogics [2013.07.26 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD [2013.01.04 20:53:16 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Garmin [2012.12.25 20:33:54 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Iminent [2013.07.16 09:54:41 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\QuickScan [2012.06.07 11:14:33 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\RavensburgerTipToi [2013.07.28 14:22:18 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\SoftGrid Client [2010.12.27 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\TP [2012.06.20 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Trimble [2012.06.20 18:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Trimble Navigation [2011.07.30 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Verbindungsassistent ========== Purity Check ========== < End of report > Und die Extras.txt OTL Extras logfile created on: 28.07.2013 17:23:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sony\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,24% Memory free 7,71 Gb Paging File | 5,14 Gb Available in Paging File | 66,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,32 Gb Total Space | 378,47 Gb Free Space | 83,67% Space Free | Partition Type: NTFS Computer Name: SONY-VAIO | User Name: Sony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DECC3E-10B2-457E-A1D5-B5714E92C4FD}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{0DE6169C-4B69-4C15-BE04-3BE09470F301}" = lport=2869 | protocol=6 | dir=in | app=system | "{16CE647B-ED5B-49F3-897E-70DDC2315643}" = rport=137 | protocol=17 | dir=out | app=system | "{19D550C6-4C6E-449B-9919-37C9248BFC98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1B5A8219-74EF-40AB-A945-CFCA5EC2F711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DD3E1EC-2BD7-457E-8B39-7F269F84CE51}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{1E049670-556A-4CBA-9C2C-F8738A933571}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25FB918B-8D74-4F16-A4E2-A7D532C10076}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{26D46CA6-1526-4BF1-8111-1B6B0B0A3118}" = lport=445 | protocol=6 | dir=in | app=system | "{26E035E6-AA1F-4D4A-8416-2971EE0CC55E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{2944A12A-2887-42C8-A206-42D61F5FC05E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{32515284-69F9-4BDB-A842-212AD73FDC88}" = lport=139 | protocol=6 | dir=in | app=system | "{3400FBC5-3F3D-4A3C-A84A-DA6C2480046D}" = rport=139 | protocol=6 | dir=out | app=system | "{35955400-0FA7-489C-9CAC-539E25B40CD1}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{414234B2-0567-41D5-8789-6E2628B6502F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{4266C652-91D2-4225-9E11-61E03A2771B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5DE368B3-B7B8-4607-8863-395C548517FF}" = lport=138 | protocol=17 | dir=in | app=system | "{5F9E09C9-09AE-414A-9D38-6DEC5541909F}" = lport=10243 | protocol=6 | dir=in | app=system | "{67D7BBFA-AA1F-47B4-BD06-932D7F6ACDA6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{70A8D09B-D005-44C0-BDBB-CB54E1EB5833}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CEABEBF-FCBB-4B57-822F-45C2232938E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{88FF1B39-939A-4D33-A6EC-3AD577D7F149}" = rport=445 | protocol=6 | dir=out | app=system | "{89E753A3-715A-469D-9CAA-C432D188CFDD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{90DB80F8-5017-468F-8596-F1C7C1E573F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92AD1567-4A3C-4960-AF6E-0EF6392AA6CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96D7ED9C-396D-4694-8F87-6539D9691DD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9924F2C5-9BB7-4D92-A007-E019D20614BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9FF5756E-EA2B-45DE-924E-F6E123FA4146}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A05CAC77-612C-43D8-8EEE-F95368E31B53}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A85D77C2-46A7-4D2D-8200-44157EB8101C}" = rport=10243 | protocol=6 | dir=out | app=system | "{AE302ED7-D40E-484D-8001-D03D24BA6813}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AE788829-0D33-4024-AEA1-5C1BC5136470}" = lport=2869 | protocol=6 | dir=in | app=system | "{B91405F4-E7C0-4704-92B4-C60C0A863B9B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFFBF487-C9A9-4E05-BDE0-7C1B80B7CBBD}" = lport=137 | protocol=17 | dir=in | app=system | "{D06ADE72-EF05-4937-9FA9-2670EAEC3984}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D695D7A8-7B41-4587-829E-20FF1E77EE0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DACCB72C-036E-4377-8F55-64EBBAC8CDC2}" = rport=138 | protocol=17 | dir=out | app=system | "{F48A5F1A-8483-4362-8C13-E2D9C906DBB6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F80A0473-222E-4E53-B9E8-AB4E22447856}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FBE588E4-7882-4558-89A6-E580A4F1D81A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FD7144C4-18DB-422C-A71B-128772ADA295}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C69679-B639-4096-B377-B05618989333}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{01153877-B6AD-4889-BBAB-697A575B6937}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{16ACAA28-0951-49E0-9D32-251F6AE95B94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1BF00AAE-DB32-4E00-BAE0-6BF234288449}" = protocol=6 | dir=out | app=system | "{1E71CD3C-2050-415F-B5CA-74C2F0623E33}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{1EA3E2FC-C9CB-44B0-B6D4-1B873CE0F118}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{25457B7C-8E80-41A1-91B3-3838BA63B088}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{289984D0-4D0A-49B8-B95D-2E3137635FC9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2C3386CA-37BB-4FF7-AEF5-14A43E64EFD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2DC9BBBA-ED46-470F-A891-BB02DB7FBCEC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3EED13AF-E1AD-47F5-87D7-53745C76017B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F3236A1-6FDF-4A46-9FFD-B955FA5722D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{537DA932-89AA-4A9E-8AA3-E74BC434591E}" = dir=in | app=c:\windows\system32\hasplms.exe | "{58B12467-0C1F-4E8C-9C86-7F1DD08F5469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{621693C0-CA5C-42B5-9CF4-7B2A1A872FD0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{683763DA-C197-4C8A-B752-D64D2F5BEDAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{699DFA17-6587-4F27-99EF-55E0015792DA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6D9DD64B-8180-4350-AC8D-979D98D17592}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6DF2285B-9CDD-44D7-922D-10C0C9026897}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6E5A6B02-65D8-45BF-BFC7-0DF048CAED9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{78F30D6A-2B15-468F-A29C-94045FD00CD6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{871DF2A5-A05B-4ABF-8654-BD8EB65835FA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{91FD36C4-5D16-493A-9319-19B57AEF4E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9261099D-BE4A-408B-BE32-2CBC29F9739A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{930071D9-CC50-407A-B078-1DCD754202A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99884BE7-ABD1-47D7-886B-59ECF938B4AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9B3203D0-6AA4-4E4A-A170-78132B361C77}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A62E1299-36E3-4166-B688-A36D5F7BC65C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A9193DD3-A519-4787-9730-3E8E531B2E81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AEE4D755-56C6-40D8-9DC6-5DA61E8B9E0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49AEF2A-B2BB-4A02-B2A0-C9EF69787D0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B4CE8058-C59E-43C7-8654-E94C34A8C2B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA8C399F-A647-47CE-B054-F298887B3B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C77457CB-5D24-4C5D-BCA6-9C48DD110367}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C99A0489-9A1D-4E6B-A63C-3E843686EA6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CFBE20F2-06C1-4231-9E77-B8314BD9B8EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D02C8844-1E72-418A-B541-D8B2369E7AF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D895E64F-042E-48AD-A906-E909FA1A78A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DF97735B-CEF0-47AB-8136-99FF171CCF45}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F28693F4-05D0-4666-AACB-3FD32054C02E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3AA1043-D683-4ED3-A509-7D74CFB6B05F}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{F5779F9D-D42A-4EA2-83E1-7B6CDC0F7099}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6577912-E884-4D3D-813B-844E0C41CAD6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0D30EE18-6799-4336-9646-5D0BDD08E1B0}C:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe | "TCP Query User{15F390C3-8CF1-4CC9-82EA-05B0AC2A675B}C:\program files (x86)\trimble\synchronizer\trimble.officesync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trimble\synchronizer\trimble.officesync.exe | "UDP Query User{5EA371A8-8512-4CA8-BBE0-FA428EA5F3CE}C:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe | "UDP Query User{90691232-7F70-4B6A-9EDD-B8C106F7E05B}C:\program files (x86)\trimble\synchronizer\trimble.officesync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trimble\synchronizer\trimble.officesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc) "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc) "{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery "{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64 "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3 "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{0F4BDDAC-9C21-45CA-8E8A-4449E2656948}" = ZoneAlarm Antivirus "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish "{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide "{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{41564952-412D-5637-00A7-A758B70C0202}" = Avira SearchFree Toolbar plus Web Protection "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58BC9E49-2867-4153-A23F-6D62A3572599}" = Iminent "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{59C832EB-735F-4D89-9DBA-ECDB66A24FCF}" = funkwerk Eumex 401 TAPI V1.00 "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00 "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English "{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3 "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3 "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = "{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0 "{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian "{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista "{C36D1DB0-7343-44C3-BC57-3B9C06325399}" = Sentinel HASP Vendor Library "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc) "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch "{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Avira AntiVir Desktop" = Avira Free Antivirus "dlancockpit" = devolo dLAN Cockpit "FormatFactory" = FormatFactory 3.0.1 "Google Chrome" = Google Chrome "IMBoosterARP" = Iminent "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc) "InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00 "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PremElem80" = Adobe Premiere Elements 8.0 "Ravensburger tiptoi" = Ravensburger tiptoi "RealPlayer 12.0" = RealPlayer "splashtop" = VAIO Quick Web Access "VAIO Help and Support" = "VAIO screensaver" = VAIO screensaver "Verbindungsassistent" = Verbindungsassistent "VTechDownloadManager" = VTech Download Manager "WinLiveSuite_Wave3" = Windows Live Essentials "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.07.2013 02:14:01 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 5009 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1E0C:usr=Sony} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5006.sft' herstellen (Rückgabecode 00000729-00000020, ursprünglicher Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:01 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 3008 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1E0C:usr=Sony} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:25 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 5009 Description = {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5006.sft' herstellen (Rückgabecode 00000729-00000020, ursprünglicher Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:25 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 3008 Description = {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 00000729-00000020). Error - 27.07.2013 04:15:14 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 27.07.2013 05:00:01 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 28.07.2013 01:10:58 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 28.07.2013 03:08:37 | Computer Name = Sony-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Sony\downloads\SoftonicDownloader_fuer_format-factory.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 28.07.2013 07:29:23 | Computer Name = Sony-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader_fuer_format-factory.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 28.07.2013 10:35:17 | Computer Name = Sony-VAIO | Source = Iminent | ID = 0 Description = [ Media Center Events ] Error - 04.12.2012 08:40:45 | Computer Name = Sony-VAIO | Source = MCUpdate | ID = 0 Description = 13:40:45 - Fehler beim Herstellen der Internetverbindung. 13:40:45 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2012 08:41:01 | Computer Name = Sony-VAIO | Source = MCUpdate | ID = 0 Description = 13:40:51 - Fehler beim Herstellen der Internetverbindung. 13:40:51 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 11.07.2013 11:48:30 | Computer Name = Sony-VAIO | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?07.?2013 um 12:55:13 unerwartet heruntergefahren. Error - 12.07.2013 02:32:01 | Computer Name = Sony-VAIO | Source = WMPNetworkSvc | ID = 866300 Description = Error - 13.07.2013 04:56:09 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.07.2013 06:39:50 | Computer Name = Sony-VAIO | Source = DCOM | ID = 10010 Description = Error - 18.07.2013 14:27:22 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7022 Description = Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet. Error - 20.07.2013 13:35:33 | Computer Name = Sony-VAIO | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?07.?2013 um 19:33:04 unerwartet heruntergefahren. Error - 25.07.2013 02:32:20 | Computer Name = Sony-VAIO | Source = WMPNetworkSvc | ID = 866300 Description = Error - 26.07.2013 14:46:38 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7030 Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 27.07.2013 03:08:33 | Computer Name = Sony-VAIO | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.07.2013 03:08:35 | Computer Name = Sony-VAIO | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Und die gmer.txt GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-28 18:24:26 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Sony\AppData\Local\Temp\kxliipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Windows\SysWOW64\RunDll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Users\Sony\Downloads\gmer_2.1.19163.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Users\Sony\Downloads\gmer_2.1.19163.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [2412:2660] 00000000002af090 Thread C:\Windows\SysWOW64\rundll32.exe [2412:2664] 0000000000183a80 Thread C:\Windows\SysWOW64\rundll32.exe [2412:2460] 0000000000183a10 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6964] 00000000004d96b7 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6940] 00000000004d6874 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6984] 00000000004d6dbc ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38fe8018 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe79202 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38fe8018 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe79202 (not active ControlSet) ---- EOF - GMER 2.1 ---- Falls ich noch irgendwas ergänzen muss, bin ich für jeden Hinweis dankbar.  im Vorfeldalbertoknox |
|
28.07.2013, 18:26
| #2 |
| /// the machine /// TB-Ausbilder    | Google Redirect Virus hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
28.07.2013, 18:38
| #3 |
| | Google Redirect Virus Hallo schrauber,
__________________Danke das du mir hilfst! Hier die gewünschten Dateien: FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Sony (administrator) on 28-07-2013 19:32:07
Running from C:\Users\Sony\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Funkwerk Enterprise Communications GmbH) C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
() C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-05-31] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-29] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: D - D:\Setup.exe
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {1b9b91c3-1af6-11e0-8fe8-c0cb38fe8018} - E:\AutoRun.exe
MountPoints2: {2255c756-1bdd-11e0-bfda-544249ef2dcf} - E:\AutoRun.exe
MountPoints2: {2255c75a-1bdd-11e0-bfda-544249ef2dcf} - E:\AutoRun.exe
MountPoints2: {c1604838-18a2-11e0-9ceb-c0cb38fe8018} - E:\AutoRun.exe
MountPoints2: {c160483d-18a2-11e0-9ceb-c0cb38fe8018} - E:\AutoRun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273528 2011-10-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074376 2012-12-12] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884936 2012-12-12] (Iminent)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C3961666-4863-431B-8216-70911F101CDA} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {CF856E5B-561E-465E-8CB1-A1B9646D46C1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {DCF6A7EE-08F2-45F4-B7CE-013965687E94} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=30914DF7-E8FE-405D-9DD1-261D5AE7163A&apn_sauid=8BE26948-9CA5-4635-9AF2-D6B6AD5AA66C
SearchScopes: HKCU - {E0D8CAF3-3C12-4334-AB96-3940DA527B66} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default
FF user.js: detected! => C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\searchplugins\zonealarm.xml
FF Extension: zonealarm.com - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2620016 2013-01-25] (Iminent)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U3 kxliipob; \??\C:\Users\Sony\AppData\Local\Temp\kxliipob.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-28 19:31 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 18:24 - 2013-07-28 18:24 - 00007954 _____ C:\Users\Sony\Desktop\gmer.log
2013-07-28 17:33 - 2013-07-28 17:33 - 00377856 _____ C:\Users\Sony\Downloads\gmer_2.1.19163.exe
2013-07-28 17:12 - 2013-07-28 17:31 - 00075910 _____ C:\Users\Sony\Downloads\Extras.Txt
2013-07-28 17:10 - 2013-07-28 17:30 - 00129480 _____ C:\Users\Sony\Downloads\OTL.Txt
2013-07-28 16:58 - 2013-07-28 16:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sony\Downloads\OTL.exe
2013-07-28 16:58 - 2013-07-28 16:58 - 00000352 _____ C:\Users\Sony\Desktop\posting.txt
2013-07-28 16:56 - 2013-07-28 16:56 - 00000470 _____ C:\Users\Sony\Downloads\defogger_disable.log
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:55 - 2013-07-28 16:55 - 00050477 _____ C:\Users\Sony\Downloads\Defogger.exe
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-27 12:53 - 2013-07-28 16:34 - 00000168 _____ C:\Windows\setupact.log
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 12:52 - 2013-07-27 12:52 - 00004284 _____ C:\Windows\PFRO.log
2013-07-26 20:46 - 2013-07-26 20:50 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:46 - 2012-11-15 21:06 - 00458584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:45 - 2013-02-21 14:44 - 00613720 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-07-26 20:45 - 2013-02-21 14:44 - 00089944 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:40 - 2013-07-26 20:44 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\4.0
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-19 08:48 - 2013-07-19 09:29 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-07-19 08:48 - 2013-07-19 09:29 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-26 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-18 20:24 - 2013-07-18 20:24 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Avira
2013-07-18 20:23 - 2013-07-18 20:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-18 20:18 - 2013-07-18 20:18 - 00000000 ____D C:\Users\Sony\AppData\Local\AskPartnerNetwork
2013-07-18 20:17 - 2013-07-18 20:29 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:17 - 2013-07-18 20:17 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-18 20:17 - 2013-07-18 20:17 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-18 20:16 - 2013-07-26 21:34 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-18 20:16 - 2013-07-18 20:16 - 00000000 ____D C:\ProgramData\APN
2013-07-18 20:15 - 2013-07-26 21:37 - 00000000 ____D C:\ProgramData\Avira
2013-07-18 20:15 - 2013-07-18 20:15 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-18 20:15 - 2013-07-18 20:14 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-18 20:15 - 2013-07-18 20:14 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-18 20:15 - 2013-07-18 20:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-06-30 17:32 - 2013-07-28 16:34 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== One Month Modified Files and Folders =======
2013-07-28 19:31 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 18:53 - 2010-07-29 13:31 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 18:48 - 2010-11-30 15:48 - 01901671 _____ C:\Windows\WindowsUpdate.log
2013-07-28 18:40 - 2012-04-07 08:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-28 18:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 18:24 - 2013-07-28 18:24 - 00007954 _____ C:\Users\Sony\Desktop\gmer.log
2013-07-28 17:33 - 2013-07-28 17:33 - 00377856 _____ C:\Users\Sony\Downloads\gmer_2.1.19163.exe
2013-07-28 17:31 - 2013-07-28 17:12 - 00075910 _____ C:\Users\Sony\Downloads\Extras.Txt
2013-07-28 17:30 - 2013-07-28 17:10 - 00129480 _____ C:\Users\Sony\Downloads\OTL.Txt
2013-07-28 16:58 - 2013-07-28 16:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sony\Downloads\OTL.exe
2013-07-28 16:58 - 2013-07-28 16:58 - 00000352 _____ C:\Users\Sony\Desktop\posting.txt
2013-07-28 16:56 - 2013-07-28 16:56 - 00000470 _____ C:\Users\Sony\Downloads\defogger_disable.log
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:56 - 2010-11-30 15:49 - 00000000 ____D C:\Users\Sony
2013-07-28 16:55 - 2013-07-28 16:55 - 00050477 _____ C:\Users\Sony\Downloads\Defogger.exe
2013-07-28 16:42 - 2010-07-29 23:06 - 00697550 _____ C:\Windows\system32\perfh007.dat
2013-07-28 16:42 - 2010-07-29 23:06 - 00148556 _____ C:\Windows\system32\perfc007.dat
2013-07-28 16:42 - 2009-07-14 07:13 - 01615028 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 16:42 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 16:42 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 16:34 - 2013-07-27 12:53 - 00000168 _____ C:\Windows\setupact.log
2013-07-28 16:34 - 2013-06-30 17:32 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-07-28 16:34 - 2010-07-29 13:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 16:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 14:22 - 2010-12-27 12:49 - 00000000 ____D C:\Users\Sony\AppData\Roaming\SoftGrid Client
2013-07-28 14:04 - 2013-06-23 10:08 - 00000000 ____D C:\Firefox
2013-07-28 14:04 - 2012-02-10 10:00 - 00003340 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-28 14:04 - 2011-10-24 10:03 - 00003204 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-28 14:00 - 2012-06-20 18:41 - 00000000 ____D C:\Program Files (x86)\Trimble
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-28 12:39 - 2013-03-13 12:14 - 00000000 ____D C:\Users\Sony\Documents\Bewerbung
2013-07-28 12:14 - 2010-07-13 20:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 12:52 - 2013-07-27 12:52 - 00004284 _____ C:\Windows\PFRO.log
2013-07-26 22:20 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 22:16 - 2010-12-31 10:42 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Auslogics
2013-07-26 21:37 - 2013-07-18 20:15 - 00000000 ____D C:\ProgramData\Avira
2013-07-26 21:34 - 2013-07-18 20:16 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-26 20:50 - 2013-07-26 20:46 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:44 - 2013-07-26 20:40 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\4.0
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-20 14:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:29 - 2013-07-19 08:48 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-07-19 09:29 - 2013-07-19 08:48 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-19 08:48 - 2011-01-02 16:18 - 00000000 ____D C:\Users\Sony\AppData\Local\Adobe
2013-07-19 08:48 - 2010-07-29 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-07-19 08:47 - 2012-04-07 08:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 08:47 - 2012-04-07 08:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 08:47 - 2012-02-24 22:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 20:29 - 2013-07-18 20:17 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-18 20:24 - 2013-07-18 20:24 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Avira
2013-07-18 20:23 - 2013-07-18 20:23 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-18 20:18 - 2013-07-18 20:18 - 00000000 ____D C:\Users\Sony\AppData\Local\AskPartnerNetwork
2013-07-18 20:17 - 2013-07-18 20:17 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-18 20:17 - 2013-07-18 20:17 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-18 20:16 - 2013-07-18 20:16 - 00000000 ____D C:\ProgramData\APN
2013-07-18 20:16 - 2012-03-07 20:58 - 00002155 _____ C:\Windows\epplauncher.mif
2013-07-18 20:16 - 2012-03-07 20:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-18 20:16 - 2012-03-07 20:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-18 20:15 - 2013-07-18 20:15 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-18 20:14 - 2013-07-18 20:15 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-18 20:14 - 2013-07-18 20:15 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-18 20:14 - 2013-07-18 20:15 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-07-15 20:48 - 2010-07-29 13:31 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 20:48 - 2010-07-29 13:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 09:56 - 2011-06-21 20:33 - 00000000 ____D C:\Update
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 09:53
==================== End Of Log ============================
--- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by Sony at 2013-07-28 19:32:39
Running from C:\Users\Sony\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe AIR (x32 Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0)
Adobe Premiere Elements 8.0 (x32 Version: 8.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.115)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.21.368)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306)
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117)
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117)
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117)
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117)
CCC Help Czech (x32 Version: 2010.0920.2142.37117)
CCC Help Danish (x32 Version: 2010.0920.2142.37117)
CCC Help Dutch (x32 Version: 2010.0920.2142.37117)
CCC Help English (x32 Version: 2010.0920.2142.37117)
CCC Help Finnish (x32 Version: 2010.0920.2142.37117)
CCC Help French (x32 Version: 2010.0920.2142.37117)
CCC Help German (x32 Version: 2010.0920.2142.37117)
CCC Help Greek (x32 Version: 2010.0920.2142.37117)
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117)
CCC Help Italian (x32 Version: 2010.0920.2142.37117)
CCC Help Japanese (x32 Version: 2010.0920.2142.37117)
CCC Help Korean (x32 Version: 2010.0920.2142.37117)
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117)
CCC Help Polish (x32 Version: 2010.0920.2142.37117)
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117)
CCC Help Russian (x32 Version: 2010.0920.2142.37117)
CCC Help Spanish (x32 Version: 2010.0920.2142.37117)
CCC Help Swedish (x32 Version: 2010.0920.2142.37117)
CCC Help Thai (x32 Version: 2010.0920.2142.37117)
CCC Help Turkish (x32 Version: 2010.0920.2142.37117)
ccc-core-static (x32 Version: 2010.0920.2143.37117)
ccc-utility64 (Version: 2010.0920.2143.37117)
devolo dLAN Cockpit (x32 Version: 1.0)
dLAN Cockpit (x32 Version: 1.19.07)
Evernote (x32 Version: 3.5.4.2224)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
funkwerk Eumex 401 TAPI V1.00 (x32 Version: 1.00.0000)
funkwerk Eumex 401 WIN-Tools V2.00 (x32 Version: 2.00.0000)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Iminent (x32 Version: 5.51.31.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 20 (64-bit) (Version: 6.0.200)
Junk Mail filter update (x32 Version: 14.0.8117.416)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Media Gallery (Version: 1.3.0)
Media Gallery (x32 Version: 1.3.0.06230)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (x32 Version: 10.0.40219)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (x32 Version: 10.0.40220)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
PMB (x32 Version: 5.3.00.06040)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00)
Ravensburger tiptoi (x32)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6034)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6098)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Remote Play mit PlayStation®3 (x32 Version: 1.0.2.06210)
Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210)
Remote-Tastatur mit PlayStation 3 (x32 Version: 1.0.2.06170)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Sentinel HASP Vendor Library (x32 Version: 1.50.1.14055)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090)
Synaptics Pointing Device Driver (Version: 15.0.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VAIO - Media Gallery (x32 Version: 1.3.0.06230)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.03020)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180)
VAIO Care (x32 Version: 6.4.2.11150)
VAIO Control Center (x32 Version: 4.3.0.05310)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240)
VAIO DVD Menu Data (x32 Version: 2.2.00.05120)
VAIO Gate (x32 Version: 2.2.0.06080)
VAIO Gate Default (x32 Version: 2.2.0.07020)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (x32 Version: 2.1.0.18210)
VAIO Media plus Opening Movie (x32 Version: 2.1.0.13220)
VAIO Movie Story Template Data (x32 Version: 2.3.00.06040)
VAIO Quick Web Access (x32 Version: 1.3.4.2)
VAIO Sample Contents (x32 Version: 1.3.0.06041)
VAIO screensaver (x32 Version: 1.0.0.0)
VAIO Smart Network (x32 Version: 3.3.1.08110)
VAIO Update (x32 Version: 6.1.1.10250)
VAIO-Handbuch (x32 Version: 1.1.0.05280)
VAIO-Support für Übertragungen (x32 Version: 1.2.0.06230)
Verbindungsassistent (x32 Version: 2.1)
VTech Download Agent Library (x32 Version: 1.00.0000)
VTech Download Manager (x32)
VU5x64 (Version: 1.1.0)
VU5x86 (x32 Version: 1.0.0)
VU5x86 (x32 Version: 1.1.0)
WIDCOMM Bluetooth Software (Version: 6.3.0.5600)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Fotogalerie (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
Windows Mobile-Gerätecenter: Treiberupdate (Version: 6.1.6965.0)
ZoneAlarm Antivirus (x32 Version: 11.0.768.000)
ZoneAlarm Firewall (x32 Version: 11.0.768.000)
ZoneAlarm Free Antivirus + Firewall (x32 Version: 11.0.768.000)
ZoneAlarm Security (x32 Version: 11.0.768.000)
ZoneAlarm Security Toolbar (x32 Version: 1.8.21.15)
==================== Restore Points =========================
15-05-2013 10:11:07 Windows Update
18-05-2013 20:01:39 Windows Update
21-05-2013 20:25:07 Windows Update
25-05-2013 07:57:32 Windows Update
28-05-2013 17:38:43 Windows Update
01-06-2013 06:05:23 Windows Update
04-06-2013 19:02:01 Windows Update
07-06-2013 20:15:07 Windows Update
11-06-2013 07:02:36 Windows Update
12-06-2013 11:35:53 Windows Update
15-06-2013 19:35:59 Windows Update
20-06-2013 06:33:34 Windows Update
23-06-2013 08:04:03 Removed Java(TM) 6 Update 20
24-06-2013 20:18:53 Windows Update
29-06-2013 12:48:18 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {025BA733-F222-4694-9CED-A324EEDD6EFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-19] (Adobe Systems Incorporated)
Task: {0885AE72-75F9-43DF-BDBD-589259EB1DF0} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {103B60C3-D8A3-4BEB-9037-925A2A2AF263} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {116A989E-8B6D-44F2-B835-91085E8DDE60} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543720412-3401914931-1110669274-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {15C2BA37-1546-45E1-A823-DCB117AFB4AE} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {3D49D3E4-413D-4EB3-BEDD-12F74716C209} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
Task: {4DCF84FA-23B9-4F0B-BBD7-5E6B235494A5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
Task: {50B4CC8A-9918-4DA9-9FC6-825633BC21CE} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation)
Task: {55F972AD-B2C8-4B37-84F0-26ED9E6974EF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {631487AC-3611-401D-BB7E-06E6D6E6E68E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2543720412-3401914931-1110669274-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {718CA5EF-5025-4873-9A4A-F1482051EDD4} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {98A14FD7-960E-431F-9DBA-498C5E112EC7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {99FA66A0-F744-4377-8CD7-C9EF2C3D2016} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
Task: {9EC6B91C-4B6F-4981-BD86-F137041709B4} - System32\Tasks\Ovoquq => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {A4505AFF-878F-4C97-A59F-254C66794343} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {A5B7A4D3-48C9-4435-BCAF-DA2EE7848A30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29] (Google Inc.)
Task: {AE31F376-8A3F-4597-AD1C-D5CE26B921B2} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {B9DAA0EE-E094-4821-81A1-EE02053390D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29] (Google Inc.)
Task: {C4BAEDB3-0B76-4051-9413-B60C8ABF1B13} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {D04F9636-7D65-4AAB-AD44-356BCF1430DE} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe No File
Task: {DB8BCBD7-53AB-47C2-841D-BB3D4CE92F7A} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {DD529932-CF27-4DE8-8F28-F548B9E95C17} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
Task: {E40BAD4A-5293-4C99-B2DB-6FB60A0193DA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
Task: {EC9B56C2-5659-45AE-912D-41969BB0862C} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Ovoquq.job => C:\Windows\system32\rundll32.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/28/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (07/28/2013 06:25:01 PM) (Source: RasClient) (User: )
Description: CoID={A9957620-40E8-40E6-B032-FC1513D5023B}: Der Benutzer "Sony-VAIO\Sony" hat eine Verbindung mit dem Namen "Verbindungsassistent" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 797.
Error: (07/28/2013 06:24:36 PM) (Source: RasClient) (User: )
Description: CoID={A0F63192-2212-4E3C-B1A2-9766E3F588DC}: Der Benutzer "Sony-VAIO\Sony" hat eine Verbindung mit dem Namen "Verbindungsassistent" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 797.
Error: (07/28/2013 04:35:17 PM) (Source: Iminent) (User: )
Description: Unexpected exception.
System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (07/28/2013 01:29:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error: (07/28/2013 09:08:37 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error: (07/28/2013 07:10:58 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (07/27/2013 11:00:01 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (07/27/2013 10:15:14 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
Error: (07/27/2013 08:14:25 AM) (Source: Application Virtualization Client) (User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 00000729-00000020).
System errors:
=============
Error: (07/27/2013 09:08:35 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/27/2013 09:08:33 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/26/2013 08:46:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (07/25/2013 08:32:20 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (07/20/2013 07:35:33 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 20.07.2013 um 19:33:04 unerwartet heruntergefahren.
Error: (07/18/2013 08:27:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Error: (07/13/2013 00:39:50 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (07/13/2013 10:56:09 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2013 08:32:01 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (07/11/2013 05:48:30 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.07.2013 um 12:55:13 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (07/28/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (07/28/2013 06:25:01 PM) (Source: RasClient)(User: )
Description: {A9957620-40E8-40E6-B032-FC1513D5023B}Sony-VAIO\SonyVerbindungsassistent797
Error: (07/28/2013 06:24:36 PM) (Source: RasClient)(User: )
Description: {A0F63192-2212-4E3C-B1A2-9766E3F588DC}Sony-VAIO\SonyVerbindungsassistent797
Error: (07/28/2013 04:35:17 PM) (Source: Iminent)(User: )
Description: Unexpected exception.
System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)
Error: (07/28/2013 01:29:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestD:\Downloads\SoftonicDownloader_fuer_format-factory.exe
Error: (07/28/2013 09:08:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestc:\Users\Sony\downloads\SoftonicDownloader_fuer_format-factory.exe
Error: (07/28/2013 07:10:58 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (07/27/2013 11:00:01 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (07/27/2013 10:15:14 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
Error: (07/27/2013 08:14:25 AM) (Source: Application Virtualization Client)(User: )
Description: {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony}
00000729-00000020
==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 3950.1 MB
Available physical RAM: 1751.75 MB
Total Pagefile: 7898.33 MB
Available Pagefile: 4725.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:452.32 GB) (Free:378.36 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA1C306D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
29.07.2013, 07:51
| #4 | |
| /// the machine /// TB-Ausbilder | Google Redirect VirusCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.07.2013, 09:58
| #5 |
| | Google Redirect Virus Hallo schrauber, ich habe die combofix.exe nun ausgeführt. Vorweg: Es gab Probleme mit der Deaktivierung der Virenscanner, ich hoffe das dies das Ergebnis nicht beeinträchtigt hat. Andernfalls kann ich die Virenscanner zur Not auch deinstallieren und combofix nochmal anwerfen, sofern das sinnvoll ist? Hier erstmal das Log: Code:
ATTFilter ComboFix 13-07-27.01 - Sony 29.07.2013 9:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3950.2329 [GMT 2:00]
ausgeführt von:: c:\users\Sony\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sony\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-29 ))))))))))))))))))))))))))))))
.
.
2013-07-29 08:42 . 2013-07-29 08:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-07-29 08:42 . 2013-07-29 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 18:46 . 2012-11-15 19:06 458584 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-07-26 18:45 . 2013-02-21 12:44 89944 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-07-26 18:45 . 2013-02-21 12:44 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-07-26 18:45 . 2013-07-26 18:46 -------- dc----w- c:\windows\system32\DRVSTORE
2013-07-26 18:41 . 2013-07-26 18:41 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-07-26 18:41 . 2013-07-26 18:41 -------- d-----w- c:\users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 18:40 . 2013-07-26 18:44 -------- d-----w- c:\program files (x86)\CheckPoint
2013-07-26 18:39 . 2013-07-26 18:39 -------- d-----w- c:\programdata\CheckPoint
2013-07-26 16:32 . 2013-07-26 16:32 -------- d-----w- c:\users\Sony\.tfo4
2013-07-19 06:48 . 2013-07-19 06:48 -------- d-----w- c:\users\Sony\AppData\Local\Macromedia
2013-07-19 06:48 . 2013-07-19 06:48 -------- d-----w- c:\programdata\McAfee Security Scan
2013-07-19 06:48 . 2013-07-19 07:29 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-07-18 18:28 . 2013-07-18 18:28 -------- d-----w- c:\users\Sony\AppData\Local\Mozilla
2013-07-18 18:27 . 2013-07-18 18:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-18 18:24 . 2013-07-18 18:24 -------- d-----w- c:\users\Sony\AppData\Roaming\Avira
2013-07-18 18:23 . 2013-07-18 18:23 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-07-18 18:18 . 2013-07-18 18:18 -------- d-----w- c:\users\Sony\AppData\Local\AskPartnerNetwork
2013-07-18 18:17 . 2013-07-18 18:17 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-07-18 18:17 . 2013-07-18 18:17 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-07-18 18:16 . 2013-07-18 18:16 -------- d-----w- c:\programdata\APN
2013-07-18 18:15 . 2013-07-18 18:14 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-07-18 18:15 . 2013-07-18 18:14 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-07-18 18:15 . 2013-07-18 18:14 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-18 18:15 . 2013-07-26 19:37 -------- d-----w- c:\programdata\Avira
2013-07-18 18:15 . 2013-07-18 18:15 -------- d-----w- c:\program files (x86)\Avira
2013-07-16 07:54 . 2013-07-16 07:54 -------- d-----w- c:\users\Sony\AppData\Roaming\QuickScan
2013-06-30 15:32 . 2013-06-30 15:32 233472 --sha-r- c:\windows\SysWow64\KBDVNTCU.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 06:47 . 2012-04-07 06:00 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-19 06:47 . 2012-02-24 20:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-23 22:57 . 2011-04-30 07:38 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-23 08:05 . 2013-06-23 08:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 08:05 . 2013-06-23 08:05 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-23 08:05 . 2010-07-29 11:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-13 14:34 . 2013-06-13 14:34 451096 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-05-02 15:29 . 2011-04-16 06:54 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-29 273528]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2012-12-12 1074376]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2012-12-12 884936]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-19 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
Control Center.lnk - c:\program files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe [2008-8-25 225280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\Umbrella.exe;c:\program files (x86)\Common Files\Umbrella\Umbrella.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe;c:\program files (x86)\Verbindungsassistent\WTGService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 10:40 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:47]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:31]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:31]
.
2013-07-29 c:\windows\Tasks\Ovoquq.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - ExtSQL: 2013-07-26 20:54; ffxtlbr@zonealarm.com; c:\users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\extensions\ffxtlbr@zonealarm.com
FF - user.js: extensions.zonealarm.hpOld0 -
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 5470724a0000000000004a0f6ee248c3
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15912
FF - user.js: extensions.zonealarm.vrsn - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsni - 1.8.21.15
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.21.1520:41
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119062920362394-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-29 10:44:24
ComboFix-quarantined-files.txt 2013-07-29 08:44
.
Vor Suchlauf: 14 Verzeichnis(se), 420.199.088.128 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 420.069.994.496 Bytes frei
.
- - End Of File - - 00F5055C67EB8A4AE6D1C8BA3E10511E
D41D8CD98F00B204E9800998ECF8427E
|
|
29.07.2013, 11:04
| #6 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Google Redirect Virus |
|
29.07.2013, 18:38
| #7 |
| | Google Redirect Virus Hi schrauber, hier die Ergebnisse - Malwarebytes 17 Funde - alle entfernt: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.29.05 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Sony :: SONY-VAIO [Administrator] 29.07.2013 18:42:39 mbam-log-2013-07-29 (18-42-39).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224336 Laufzeit: 6 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent.A) -> 3288 -> Löschen bei Neustart. C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> 2360 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKLM\SYSTEM\CurrentControlSet\Services\SProtection|ImagePath (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Iminent (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\Microsoft\Windows\CurrentVersion\Run|IminentMessenger (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Iminent\Iminent.Messengers.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sony\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Löschen bei Neustart. C:\Users\Sony\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Löschen bei Neustart. Infizierte Dateien: 5 C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent.A) -> Löschen bei Neustart. C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> Löschen bei Neustart. C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sony\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Löschen bei Neustart. C:\Users\Sony\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.306 - Datei am 29/07/2013 um 19:14:54 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Sony - SONY-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sony\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SProtection
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\searchplugins\zonealarm.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Sony\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Sony\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\Sony\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Windows\Installer\{58BC9E49-2867-4153-A23F-6D62A3572599}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\94E9CB85768235142AF3D6263A755299
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\94E9CB85768235142AF3D6263A755299
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58BC9E49-2867-4153-A23F-6D62A3572599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.17267
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\prefs.js
C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
-\\ Google Chrome v28.0.1500.72
Datei : C:\Users\Sony\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [25281 octets] - [29/07/2013 19:14:54]
########## EOF - C:\AdwCleaner[S1].txt - [25342 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sony on 29.07.2013 at 19:19:49,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DCF6A7EE-08F2-45F4-B7CE-013965687E94}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2013 at 19:30:06,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Sony (administrator) on 29-07-2013 19:35:56
Running from C:\Users\Sony\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Funkwerk Enterprise Communications GmbH) C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
() C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-05-31] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-29] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273528 2011-10-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C3961666-4863-431B-8216-70911F101CDA} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {CF856E5B-561E-465E-8CB1-A1B9646D46C1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {E0D8CAF3-3C12-4334-AB96-3940DA527B66} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: zonealarm.com - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-29 19:35 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Desktop\FRST64.exe
2013-07-29 19:30 - 2013-07-29 19:30 - 00000771 _____ C:\Users\Sony\Desktop\JRT.txt
2013-07-29 19:19 - 2013-07-29 19:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 19:19 - 2013-07-29 19:18 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Sony\Desktop\JRT.exe
2013-07-29 19:18 - 2013-07-29 19:18 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Sony\Downloads\JRT.exe
2013-07-29 19:14 - 2013-07-29 19:15 - 00025320 _____ C:\AdwCleaner[S1].txt
2013-07-29 19:14 - 2013-07-29 19:13 - 00666633 _____ C:\Users\Sony\Desktop\adwcleaner.exe
2013-07-29 19:13 - 2013-07-29 19:34 - 00058902 _____ C:\Users\Sony\Desktop\posting.txt
2013-07-29 19:13 - 2013-07-29 19:13 - 00666633 _____ C:\Users\Sony\Downloads\adwcleaner.exe
2013-07-29 18:40 - 2013-07-29 18:40 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 18:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-29 18:39 - 2013-07-29 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 18:39 - 2013-07-29 18:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sony\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-29 10:44 - 2013-07-29 10:44 - 00026424 _____ C:\ComboFix.txt
2013-07-29 09:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-29 09:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-29 09:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-29 09:48 - 2013-07-29 10:44 - 00000000 ____D C:\Qoobox
2013-07-29 09:47 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\erdnt
2013-07-29 09:42 - 2013-07-29 09:42 - 05095176 ____R (Swearware) C:\Users\Sony\Downloads\ComboFix.exe
2013-07-28 19:33 - 2013-07-28 19:33 - 00035581 _____ C:\Users\Sony\Downloads\FRST.txt
2013-07-28 19:32 - 2013-07-28 19:33 - 00027339 _____ C:\Users\Sony\Downloads\Addition.txt
2013-07-28 19:31 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 18:24 - 2013-07-28 18:24 - 00007954 _____ C:\Users\Sony\Desktop\gmer.log
2013-07-28 17:33 - 2013-07-28 17:33 - 00377856 _____ C:\Users\Sony\Downloads\gmer_2.1.19163.exe
2013-07-28 17:12 - 2013-07-28 17:31 - 00075910 _____ C:\Users\Sony\Downloads\Extras.Txt
2013-07-28 17:10 - 2013-07-28 17:30 - 00129480 _____ C:\Users\Sony\Downloads\OTL.Txt
2013-07-28 16:58 - 2013-07-28 16:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sony\Downloads\OTL.exe
2013-07-28 16:56 - 2013-07-28 16:56 - 00000470 _____ C:\Users\Sony\Downloads\defogger_disable.log
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:55 - 2013-07-28 16:55 - 00050477 _____ C:\Users\Sony\Downloads\Defogger.exe
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-27 12:53 - 2013-07-29 19:16 - 00000336 _____ C:\Windows\setupact.log
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 12:52 - 2013-07-29 19:16 - 00010324 _____ C:\Windows\PFRO.log
2013-07-26 20:46 - 2013-07-26 20:50 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:46 - 2012-11-15 21:06 - 00458584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:45 - 2013-02-21 14:44 - 00613720 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-07-26 20:45 - 2013-02-21 14:44 - 00089944 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:40 - 2013-07-26 20:44 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-26 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-18 20:17 - 2013-07-18 20:29 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:15 - 2013-07-29 18:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-06-30 17:32 - 2013-07-29 19:23 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== One Month Modified Files and Folders =======
2013-07-29 19:34 - 2013-07-29 19:13 - 00058902 _____ C:\Users\Sony\Desktop\posting.txt
2013-07-29 19:30 - 2013-07-29 19:30 - 00000771 _____ C:\Users\Sony\Desktop\JRT.txt
2013-07-29 19:24 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 19:24 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 19:23 - 2013-06-30 17:32 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-07-29 19:23 - 2010-07-29 23:06 - 00697550 _____ C:\Windows\system32\perfh007.dat
2013-07-29 19:23 - 2010-07-29 23:06 - 00148556 _____ C:\Windows\system32\perfc007.dat
2013-07-29 19:23 - 2009-07-14 07:13 - 01615028 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 19:21 - 2012-02-10 10:00 - 00003340 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-29 19:21 - 2011-10-24 10:03 - 00003204 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-29 19:20 - 2010-11-30 15:48 - 01955146 _____ C:\Windows\WindowsUpdate.log
2013-07-29 19:19 - 2013-07-29 19:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 19:18 - 2013-07-29 19:19 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Sony\Desktop\JRT.exe
2013-07-29 19:18 - 2013-07-29 19:18 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Sony\Downloads\JRT.exe
2013-07-29 19:16 - 2013-07-27 12:53 - 00000336 _____ C:\Windows\setupact.log
2013-07-29 19:16 - 2013-07-27 12:52 - 00010324 _____ C:\Windows\PFRO.log
2013-07-29 19:16 - 2010-07-29 13:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 19:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 19:15 - 2013-07-29 19:14 - 00025320 _____ C:\AdwCleaner[S1].txt
2013-07-29 19:13 - 2013-07-29 19:14 - 00666633 _____ C:\Users\Sony\Desktop\adwcleaner.exe
2013-07-29 19:13 - 2013-07-29 19:13 - 00666633 _____ C:\Users\Sony\Downloads\adwcleaner.exe
2013-07-29 18:53 - 2010-07-29 13:31 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 18:40 - 2013-07-29 18:40 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 18:40 - 2012-04-07 08:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 18:39 - 2013-07-29 18:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sony\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-29 18:32 - 2013-07-18 20:15 - 00000000 ____D C:\ProgramData\Avira
2013-07-29 10:44 - 2013-07-29 10:44 - 00026424 _____ C:\ComboFix.txt
2013-07-29 10:44 - 2013-07-29 09:48 - 00000000 ____D C:\Qoobox
2013-07-29 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-29 10:42 - 2013-07-29 09:47 - 00000000 ____D C:\Windows\erdnt
2013-07-29 10:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-29 10:41 - 2010-11-30 15:49 - 00000000 ____D C:\Users\Sony
2013-07-29 09:56 - 2012-03-07 20:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-29 09:42 - 2013-07-29 09:42 - 05095176 ____R (Swearware) C:\Users\Sony\Downloads\ComboFix.exe
2013-07-28 19:33 - 2013-07-28 19:33 - 00035581 _____ C:\Users\Sony\Downloads\FRST.txt
2013-07-28 19:33 - 2013-07-28 19:32 - 00027339 _____ C:\Users\Sony\Downloads\Addition.txt
2013-07-28 19:31 - 2013-07-29 19:35 - 01780547 _____ (Farbar) C:\Users\Sony\Desktop\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Downloads\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 18:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 18:24 - 2013-07-28 18:24 - 00007954 _____ C:\Users\Sony\Desktop\gmer.log
2013-07-28 17:33 - 2013-07-28 17:33 - 00377856 _____ C:\Users\Sony\Downloads\gmer_2.1.19163.exe
2013-07-28 17:31 - 2013-07-28 17:12 - 00075910 _____ C:\Users\Sony\Downloads\Extras.Txt
2013-07-28 17:30 - 2013-07-28 17:10 - 00129480 _____ C:\Users\Sony\Downloads\OTL.Txt
2013-07-28 16:58 - 2013-07-28 16:58 - 00602112 _____ (OldTimer Tools) C:\Users\Sony\Downloads\OTL.exe
2013-07-28 16:56 - 2013-07-28 16:56 - 00000470 _____ C:\Users\Sony\Downloads\defogger_disable.log
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:55 - 2013-07-28 16:55 - 00050477 _____ C:\Users\Sony\Downloads\Defogger.exe
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 14:22 - 2010-12-27 12:49 - 00000000 ____D C:\Users\Sony\AppData\Roaming\SoftGrid Client
2013-07-28 14:04 - 2013-06-23 10:08 - 00000000 ____D C:\Firefox
2013-07-28 14:00 - 2012-06-20 18:41 - 00000000 ____D C:\Program Files (x86)\Trimble
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-28 12:39 - 2013-03-13 12:14 - 00000000 ____D C:\Users\Sony\Documents\Bewerbung
2013-07-28 12:14 - 2010-07-13 20:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-26 22:20 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 22:16 - 2010-12-31 10:42 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Auslogics
2013-07-26 20:50 - 2013-07-26 20:46 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:44 - 2013-07-26 20:40 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-20 14:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-19 08:48 - 2011-01-02 16:18 - 00000000 ____D C:\Users\Sony\AppData\Local\Adobe
2013-07-19 08:48 - 2010-07-29 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-07-19 08:47 - 2012-04-07 08:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 08:47 - 2012-04-07 08:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 08:47 - 2012-02-24 22:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 20:29 - 2013-07-18 20:17 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-07-15 20:48 - 2010-07-29 13:31 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 20:48 - 2010-07-29 13:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 09:56 - 2011-06-21 20:33 - 00000000 ____D C:\Update
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 09:53
==================== End Of Log ============================
--- --- --- |
|
29.07.2013, 20:04
| #8 |
| /// the machine /// TB-Ausbilder | Google Redirect VirusESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
udn ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.07.2013, 21:07
| #9 | |
| | Google Redirect Virus Hi, Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=26c473fe85083c478cb9edf3cc057b4e
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-29 07:53:09
# local_time=2013-07-29 09:53:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 44108958 126757439 0 0
# compatibility_mode=9217 16776573 100 13 263245 3453095 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=1168
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=26c473fe85083c478cb9edf3cc057b4e
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-29 07:59:18
# local_time=2013-07-29 09:59:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 44109327 126757808 0 0
# compatibility_mode=9217 16776893 100 13 263614 3453464 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=278
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Sony (administrator) on 29-07-2013 22:04:19
Running from C:\Users\Sony\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Funkwerk Enterprise Communications GmbH) C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
() C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2057000 2010-05-31] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-29] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273528 2011-10-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=&
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C3961666-4863-431B-8216-70911F101CDA} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {CF856E5B-561E-465E-8CB1-A1B9646D46C1} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
SearchScopes: HKCU - {E0D8CAF3-3C12-4334-AB96-3940DA527B66} URL = hxxp://de.shopping.com/?linkin_id=8056363
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: zonealarm.com - C:\Users\Sony\AppData\Roaming\Mozilla\Firefox\Profiles\wb55tb9o.default\Extensions\ffxtlbr@zonealarm.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4913608 2011-12-01] (SafeNet Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-29 22:02 - 2013-07-29 22:02 - 00891098 _____ C:\Users\Sony\Desktop\SecurityCheck.exe
2013-07-29 21:34 - 2013-07-29 21:59 - 00000000 ____D C:\Users\Sony\Desktop\Viren Entfernung
2013-07-29 19:35 - 2013-07-28 19:31 - 01780547 _____ (Farbar) C:\Users\Sony\Desktop\FRST64.exe
2013-07-29 19:19 - 2013-07-29 19:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 19:14 - 2013-07-29 19:15 - 00025320 _____ C:\AdwCleaner[S1].txt
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 18:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-29 18:39 - 2013-07-29 18:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 10:44 - 2013-07-29 10:44 - 00026424 _____ C:\ComboFix.txt
2013-07-29 09:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-29 09:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-29 09:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-29 09:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-29 09:48 - 2013-07-29 10:44 - 00000000 ____D C:\Qoobox
2013-07-29 09:47 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\erdnt
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-27 12:53 - 2013-07-29 19:16 - 00000336 _____ C:\Windows\setupact.log
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-27 12:52 - 2013-07-29 19:16 - 00010324 _____ C:\Windows\PFRO.log
2013-07-26 20:46 - 2013-07-26 20:50 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:46 - 2012-11-15 21:06 - 00458584 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:45 - 2013-02-21 14:44 - 00613720 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2013-07-26 20:45 - 2013-02-21 14:44 - 00089944 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:40 - 2013-07-26 20:44 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-26 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-18 20:17 - 2013-07-18 20:29 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:15 - 2013-07-29 18:32 - 00000000 ____D C:\ProgramData\Avira
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-06-30 17:32 - 2013-07-29 19:23 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== One Month Modified Files and Folders =======
2013-07-29 22:02 - 2013-07-29 22:02 - 00891098 _____ C:\Users\Sony\Desktop\SecurityCheck.exe
2013-07-29 21:59 - 2013-07-29 21:34 - 00000000 ____D C:\Users\Sony\Desktop\Viren Entfernung
2013-07-29 21:53 - 2010-07-29 13:31 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 21:40 - 2012-04-07 08:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 20:59 - 2012-02-10 10:00 - 00003340 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-29 20:59 - 2011-10-24 10:03 - 00003204 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2543720412-3401914931-1110669274-1000
2013-07-29 20:53 - 2010-07-29 13:31 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 19:24 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 19:24 - 2009-07-14 06:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 19:23 - 2013-06-30 17:32 - 00000306 _____ C:\Windows\Tasks\Ovoquq.job
2013-07-29 19:23 - 2010-07-29 23:06 - 00697550 _____ C:\Windows\system32\perfh007.dat
2013-07-29 19:23 - 2010-07-29 23:06 - 00148556 _____ C:\Windows\system32\perfc007.dat
2013-07-29 19:23 - 2009-07-14 07:13 - 01615028 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 19:20 - 2010-11-30 15:48 - 01955976 _____ C:\Windows\WindowsUpdate.log
2013-07-29 19:19 - 2013-07-29 19:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 19:16 - 2013-07-27 12:53 - 00000336 _____ C:\Windows\setupact.log
2013-07-29 19:16 - 2013-07-27 12:52 - 00010324 _____ C:\Windows\PFRO.log
2013-07-29 19:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 19:15 - 2013-07-29 19:14 - 00025320 _____ C:\AdwCleaner[S1].txt
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-29 18:40 - 2013-07-29 18:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 18:32 - 2013-07-18 20:15 - 00000000 ____D C:\ProgramData\Avira
2013-07-29 10:44 - 2013-07-29 10:44 - 00026424 _____ C:\ComboFix.txt
2013-07-29 10:44 - 2013-07-29 09:48 - 00000000 ____D C:\Qoobox
2013-07-29 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-29 10:42 - 2013-07-29 09:47 - 00000000 ____D C:\Windows\erdnt
2013-07-29 10:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-29 10:41 - 2010-11-30 15:49 - 00000000 ____D C:\Users\Sony
2013-07-29 09:56 - 2012-03-07 20:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-28 19:31 - 2013-07-29 19:35 - 01780547 _____ (Farbar) C:\Users\Sony\Desktop\FRST64.exe
2013-07-28 19:31 - 2013-07-28 19:31 - 00000000 ____D C:\FRST
2013-07-28 18:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 16:56 - 2013-07-28 16:56 - 00000000 _____ C:\Users\Sony\defogger_reenable
2013-07-28 16:35 - 2013-07-28 16:35 - 00000000 ____D C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner
2013-07-28 14:22 - 2010-12-27 12:49 - 00000000 ____D C:\Users\Sony\AppData\Roaming\SoftGrid Client
2013-07-28 14:04 - 2013-06-23 10:08 - 00000000 ____D C:\Firefox
2013-07-28 14:00 - 2012-06-20 18:41 - 00000000 ____D C:\Program Files (x86)\Trimble
2013-07-28 13:38 - 2013-07-28 13:38 - 00000000 ____D C:\Users\Sony\AppData\Local\DoNotTrackPlus
2013-07-28 12:39 - 2013-03-13 12:14 - 00000000 ____D C:\Users\Sony\Documents\Bewerbung
2013-07-28 12:14 - 2010-07-13 20:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-27 12:53 - 2013-07-27 12:53 - 00000000 _____ C:\Windows\setuperr.log
2013-07-26 22:20 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 22:16 - 2010-12-31 10:42 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Auslogics
2013-07-26 20:50 - 2013-07-26 20:46 - 00417513 _____ C:\Windows\system32\Drivers\vsconfig.xml
2013-07-26 20:45 - 2013-07-26 20:45 - 00000762 _____ C:\Users\Public\Desktop\Firewall.lnk
2013-07-26 20:44 - 2013-07-26 20:40 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD
2013-07-26 20:41 - 2013-07-26 20:41 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-07-26 20:39 - 2013-07-26 20:39 - 00000000 ____D C:\ProgramData\CheckPoint
2013-07-26 18:32 - 2013-07-26 18:32 - 00000000 ____D C:\Users\Sony\.tfo4
2013-07-20 14:23 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-19 08:48 - 2013-07-19 08:48 - 00000000 ____D C:\Users\Sony\AppData\Local\Macromedia
2013-07-19 08:48 - 2011-01-02 16:18 - 00000000 ____D C:\Users\Sony\AppData\Local\Adobe
2013-07-19 08:48 - 2010-07-29 13:17 - 00000000 ____D C:\ProgramData\McAfee
2013-07-19 08:47 - 2012-04-07 08:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-19 08:47 - 2012-04-07 08:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 08:47 - 2012-02-24 22:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-18 20:29 - 2013-07-18 20:17 - 00000000 ____D C:\Users\Sony\AppData\Roaming\Mozilla
2013-07-18 20:28 - 2013-07-18 20:28 - 00000000 ____D C:\Users\Sony\AppData\Local\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-18 20:27 - 2013-07-18 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-16 09:54 - 2013-07-16 09:54 - 00000000 ____D C:\Users\Sony\AppData\Roaming\QuickScan
2013-07-15 20:48 - 2010-07-29 13:31 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 20:48 - 2010-07-29 13:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 10:14 - 2013-06-23 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-03 09:56 - 2011-06-21 20:33 - 00000000 ____D C:\Update
2013-06-30 17:32 - 2013-06-30 17:32 - 00233472 __RSH C:\Windows\SysWOW64\KBDVNTCU.dll
2013-06-30 17:32 - 2013-06-30 17:32 - 00002586 _____ C:\Windows\System32\Tasks\Ovoquq
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 09:53
==================== End Of Log ============================
--- --- --- Zitat:
|
|
30.07.2013, 07:15
| #10 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus Ja teste und berichte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.07.2013, 17:48
| #11 |
| |  Google Redirect Virus Hi schrauber, ich habe es jetzt getestet, es finden leider weiterhin unerwünschte Redirects statt (fast bei jedem beliebigen Aufruf einer URL aus Google). Gibt's noch etwas, was ich nun sinnvollerweise machen kann? |
|
31.07.2013, 08:12
| #12 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus in welchem Browser? auch mit anderen getestet?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.07.2013, 18:43
| #13 |
| | Google Redirect Virus Zunächst getestet im Firefox (22.0), dort trat es auf. Jetzt getestet im Chrome (Version 28.0.1500.72 m), dort leider ebenfalls. Kurze Zwischenfrage: Würde eine Formatierung diese Probleme aus der Welt schaffen? |
|
31.07.2013, 19:59
| #14 |
| /// the machine /// TB-Ausbilder | Google Redirect Virus Klar würde es das. Sag mir nur ob wir weiter machen sollen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.07.2013, 21:35
| #15 |
| | Google Redirect Virus Wenn du noch Wege kennst, mit denen sich eine Formatierung eventuell vermeiden lässt, würde ich das sehr gern probieren. |
|
Linear-Darstellung
