| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Redirect VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.07.2013, 17:36
| #1 |
 |  Google Redirect Virus Hallo zusammen, ich vermute, ich habe einen Suchmaschinen Redirect Virus, mein normaler Virenscanner (AntiVir) schlägt dabei leider nicht an. Ich bin daher froh dieses Forum gefunden zu haben und hoffe ihr könnt mir helfen, da der Rechner so für mich kaum noch nutzbar ist. Defogger habe ich installiert und aktiviert. Hier der Inhalt der OTL.txt OTL logfile created on: 28.07.2013 17:23:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sony\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,24% Memory free 7,71 Gb Paging File | 5,14 Gb Available in Paging File | 66,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,32 Gb Total Space | 378,47 Gb Free Space | 83,67% Space Free | Partition Type: NTFS Computer Name: SONY-VAIO | User Name: Sony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.07.28 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sony\Downloads\OTL.exe PRC - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe PRC - [2013.07.26 22:30:31 | 001,558,480 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe PRC - [2013.07.18 20:14:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.18 20:14:15 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.07.18 20:14:13 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013.06.19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013.06.18 16:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.25 08:43:04 | 002,620,016 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe PRC - [2012.12.12 14:53:32 | 001,074,376 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe PRC - [2012.12.12 14:53:32 | 000,884,936 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe PRC - [2012.11.05 10:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe PRC - [2011.10.29 08:19:11 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe PRC - [2010.06.08 23:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.06.01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2008.08.25 12:29:52 | 000,225,280 | ---- | M] (Funkwerk Enterprise Communications GmbH) -- C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe ========== Modules (No Company Name) ========== MOD - [2013.06.18 16:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.02.13 15:49:05 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll MOD - [2013.02.13 15:17:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.02.13 14:12:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.10 11:28:14 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll MOD - [2013.01.10 11:28:12 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll MOD - [2013.01.10 11:26:35 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll MOD - [2013.01.10 11:26:24 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll MOD - [2013.01.10 11:26:24 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.10 11:26:23 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll MOD - [2013.01.10 11:26:23 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll MOD - [2013.01.10 11:26:22 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll MOD - [2013.01.10 11:26:22 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.10 11:25:52 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 11:23:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll MOD - [2013.01.10 11:04:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 11:04:16 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.10 11:04:02 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.10 11:03:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.10 11:03:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.10 11:03:51 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.10 11:03:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2013.01.09 22:28:02 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll MOD - [2013.01.09 22:27:49 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll MOD - [2013.01.09 22:27:49 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll MOD - [2013.01.09 22:27:41 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013.01.09 22:27:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.09 22:27:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll MOD - [2013.01.09 22:27:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.09 22:27:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.09 22:27:31 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.09 22:27:26 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.11.05 10:50:12 | 000,377,800 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe MOD - [2012.08.06 11:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll MOD - [2010.11.11 11:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll MOD - [2010.07.29 23:05:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.29 23:05:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.07.13 15:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll MOD - [2010.07.05 11:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll MOD - [2010.06.24 03:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll MOD - [2010.06.02 07:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll MOD - [2010.06.02 04:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll MOD - [2010.06.02 04:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll MOD - [2010.06.02 04:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll MOD - [2010.06.02 04:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.12.01 22:47:50 | 004,913,608 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013.07.19 08:47:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.18 20:14:47 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.18 20:14:23 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.07.18 20:14:15 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.06.20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.06.19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013.06.18 16:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.25 08:43:04 | 002,620,016 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.07.29 13:22:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.07.18 20:14:59 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.07.18 20:14:59 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.06.18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013.06.13 16:34:16 | 000,451,096 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2013.02.21 14:44:14 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.02.12 16:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.11.15 21:06:04 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.05 12:25:28 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.31 23:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=& IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEE_deDE412DE412 IE - HKCU\..\SearchScopes\{C3961666-4863-431B-8216-70911F101CDA}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\..\SearchScopes\{CF856E5B-561E-465E-8CB1-A1B9646D46C1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{DCF6A7EE-08F2-45F4-B7CE-013965687E94}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=30914DF7-E8FE-405D-9DD1-261D5AE7163A&apn_sauid=8BE26948-9CA5-4635-9AF2-D6B6AD5AA66C IE - HKCU\..\SearchScopes\{E0D8CAF3-3C12-4334-AB96-3940DA527B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 08:19:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.18 20:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Extensions [2013.07.28 07:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions [2013.07.26 20:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\wb55tb9o.default\extensions [2013.07.26 20:54:09 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Sony\AppData\Roaming\mozilla\Firefox\Profiles\wb55tb9o.default\extensions\ffxtlbr@zonealarm.com [2013.07.26 22:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013.03.21 09:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\wb55tb9o.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.j s [2013.07.26 20:41:15 | 000,001,502 | ---- | M] () -- C:\Users\Sony\AppData\Roaming\mozilla\firefox\profiles\wb55tb9o.default\searchplugins\zonealarm.xml [2013.07.18 20:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.18 20:27:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=88a3cebac53d4b5c934b50787c49ae65&tu=10G9z009E1B0CO0&sku=&tstsId=&ver=& O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe () O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1b9b91c3-1af6-11e0-8fe8-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{1b9b91c3-1af6-11e0-8fe8-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2255c756-1bdd-11e0-bfda-544249ef2dcf}\Shell - "" = AutoRun O33 - MountPoints2\{2255c756-1bdd-11e0-bfda-544249ef2dcf}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2255c75a-1bdd-11e0-bfda-544249ef2dcf}\Shell - "" = AutoRun O33 - MountPoints2\{2255c75a-1bdd-11e0-bfda-544249ef2dcf}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c1604838-18a2-11e0-9ceb-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{c1604838-18a2-11e0-9ceb-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c160483d-18a2-11e0-9ceb-c0cb38fe8018}\Shell - "" = AutoRun O33 - MountPoints2\{c160483d-18a2-11e0-9ceb-c0cb38fe8018}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.28 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\Sony\Documents\Bluetooth-Exchange-Ordner [2013.07.28 13:38:33 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\DoNotTrackPlus [2013.07.28 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.07.28 07:07:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.26 21:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.07.26 20:46:09 | 000,458,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys [2013.07.26 20:45:56 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.07.26 20:45:56 | 000,089,944 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.07.26 20:45:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.07.26 20:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013.07.26 20:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2013.07.26 20:41:01 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD [2013.07.26 20:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2013.07.26 20:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013.07.26 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Sony\4.0 [2013.07.26 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\Sony\.tfo4 [2013.07.19 09:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.07.19 08:48:47 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\Macromedia [2013.07.19 08:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.07.19 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.07.18 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\Mozilla [2013.07.18 20:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.07.18 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.07.18 20:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.18 20:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Avira [2013.07.18 20:23:59 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.07.18 20:18:58 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Local\AskPartnerNetwork [2013.07.18 20:17:06 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\Mozilla [2013.07.18 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork [2013.07.18 20:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork [2013.07.18 20:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.07.18 20:15:48 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.07.18 20:15:48 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.07.18 20:15:48 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.07.18 20:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.07.18 20:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.07.16 09:54:41 | 000,000,000 | ---D | C] -- C:\Users\Sony\AppData\Roaming\QuickScan [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.28 16:56:10 | 000,000,000 | ---- | M] () -- C:\Users\Sony\defogger_reenable [2013.07.28 16:53:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.28 16:42:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.28 16:42:37 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.28 16:42:15 | 001,615,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.28 16:42:15 | 000,697,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.28 16:42:15 | 000,652,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.28 16:42:15 | 000,148,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.28 16:42:15 | 000,121,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.28 16:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.28 16:34:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.28 16:34:51 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Ovoquq.job [2013.07.28 16:34:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.28 16:34:05 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2013.07.26 21:34:22 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.07.26 20:50:57 | 000,417,513 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.07.26 20:45:03 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\Firewall.lnk [2013.07.19 09:29:52 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.07.19 09:29:52 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.07.18 20:27:32 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.18 20:23:59 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.07.18 20:16:55 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.07.18 20:14:59 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.07.18 20:14:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.07.18 20:14:59 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.30 17:32:54 | 000,233,472 | RHS- | M] () -- C:\Windows\SysWow64\KBDVNTCU.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.28 16:56:10 | 000,000,000 | ---- | C] () -- C:\Users\Sony\defogger_reenable [2013.07.26 20:46:24 | 000,417,513 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.07.26 20:45:03 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Firewall.lnk [2013.07.19 08:48:06 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.07.19 08:48:06 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.07.18 20:27:32 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.18 20:27:32 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.07.18 20:16:07 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.30 17:32:54 | 000,233,472 | RHS- | C] () -- C:\Windows\SysWow64\KBDVNTCU.dll [2013.06.30 17:32:54 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Ovoquq.job [2012.12.25 21:41:05 | 000,005,632 | ---- | C] () -- C:\Users\Sony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.25 19:17:48 | 000,000,581 | ---- | C] () -- C:\Users\Sony\AppData\Local\cookies.ini [2012.06.20 20:33:22 | 000,000,086 | ---- | C] () -- C:\Windows\Map Viewer.INI [2011.07.30 15:19:40 | 000,000,000 | ---- | C] () -- C:\Users\Sony\AppData\Local\{E64E0D98-2AA3-4C4D-8F98-EE5EB72D3A3A} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.26 22:16:49 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Auslogics [2013.07.26 20:41:01 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Check Point Software Technologies LTD [2013.01.04 20:53:16 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Garmin [2012.12.25 20:33:54 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Iminent [2013.07.16 09:54:41 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\QuickScan [2012.06.07 11:14:33 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\RavensburgerTipToi [2013.07.28 14:22:18 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\SoftGrid Client [2010.12.27 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\TP [2012.06.20 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Trimble [2012.06.20 18:53:59 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Trimble Navigation [2011.07.30 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Sony\AppData\Roaming\Verbindungsassistent ========== Purity Check ========== < End of report > Und die Extras.txt OTL Extras logfile created on: 28.07.2013 17:23:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sony\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,24% Memory free 7,71 Gb Paging File | 5,14 Gb Available in Paging File | 66,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,32 Gb Total Space | 378,47 Gb Free Space | 83,67% Space Free | Partition Type: NTFS Computer Name: SONY-VAIO | User Name: Sony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DECC3E-10B2-457E-A1D5-B5714E92C4FD}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{0DE6169C-4B69-4C15-BE04-3BE09470F301}" = lport=2869 | protocol=6 | dir=in | app=system | "{16CE647B-ED5B-49F3-897E-70DDC2315643}" = rport=137 | protocol=17 | dir=out | app=system | "{19D550C6-4C6E-449B-9919-37C9248BFC98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1B5A8219-74EF-40AB-A945-CFCA5EC2F711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DD3E1EC-2BD7-457E-8B39-7F269F84CE51}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{1E049670-556A-4CBA-9C2C-F8738A933571}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25FB918B-8D74-4F16-A4E2-A7D532C10076}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{26D46CA6-1526-4BF1-8111-1B6B0B0A3118}" = lport=445 | protocol=6 | dir=in | app=system | "{26E035E6-AA1F-4D4A-8416-2971EE0CC55E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{2944A12A-2887-42C8-A206-42D61F5FC05E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{32515284-69F9-4BDB-A842-212AD73FDC88}" = lport=139 | protocol=6 | dir=in | app=system | "{3400FBC5-3F3D-4A3C-A84A-DA6C2480046D}" = rport=139 | protocol=6 | dir=out | app=system | "{35955400-0FA7-489C-9CAC-539E25B40CD1}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{414234B2-0567-41D5-8789-6E2628B6502F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{4266C652-91D2-4225-9E11-61E03A2771B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5DE368B3-B7B8-4607-8863-395C548517FF}" = lport=138 | protocol=17 | dir=in | app=system | "{5F9E09C9-09AE-414A-9D38-6DEC5541909F}" = lport=10243 | protocol=6 | dir=in | app=system | "{67D7BBFA-AA1F-47B4-BD06-932D7F6ACDA6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{70A8D09B-D005-44C0-BDBB-CB54E1EB5833}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CEABEBF-FCBB-4B57-822F-45C2232938E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{88FF1B39-939A-4D33-A6EC-3AD577D7F149}" = rport=445 | protocol=6 | dir=out | app=system | "{89E753A3-715A-469D-9CAA-C432D188CFDD}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{90DB80F8-5017-468F-8596-F1C7C1E573F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92AD1567-4A3C-4960-AF6E-0EF6392AA6CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96D7ED9C-396D-4694-8F87-6539D9691DD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9924F2C5-9BB7-4D92-A007-E019D20614BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9FF5756E-EA2B-45DE-924E-F6E123FA4146}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A05CAC77-612C-43D8-8EEE-F95368E31B53}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A85D77C2-46A7-4D2D-8200-44157EB8101C}" = rport=10243 | protocol=6 | dir=out | app=system | "{AE302ED7-D40E-484D-8001-D03D24BA6813}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AE788829-0D33-4024-AEA1-5C1BC5136470}" = lport=2869 | protocol=6 | dir=in | app=system | "{B91405F4-E7C0-4704-92B4-C60C0A863B9B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFFBF487-C9A9-4E05-BDE0-7C1B80B7CBBD}" = lport=137 | protocol=17 | dir=in | app=system | "{D06ADE72-EF05-4937-9FA9-2670EAEC3984}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D695D7A8-7B41-4587-829E-20FF1E77EE0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DACCB72C-036E-4377-8F55-64EBBAC8CDC2}" = rport=138 | protocol=17 | dir=out | app=system | "{F48A5F1A-8483-4362-8C13-E2D9C906DBB6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F80A0473-222E-4E53-B9E8-AB4E22447856}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FBE588E4-7882-4558-89A6-E580A4F1D81A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{FD7144C4-18DB-422C-A71B-128772ADA295}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C69679-B639-4096-B377-B05618989333}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{01153877-B6AD-4889-BBAB-697A575B6937}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{16ACAA28-0951-49E0-9D32-251F6AE95B94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1BF00AAE-DB32-4E00-BAE0-6BF234288449}" = protocol=6 | dir=out | app=system | "{1E71CD3C-2050-415F-B5CA-74C2F0623E33}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{1EA3E2FC-C9CB-44B0-B6D4-1B873CE0F118}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{25457B7C-8E80-41A1-91B3-3838BA63B088}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{289984D0-4D0A-49B8-B95D-2E3137635FC9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2C3386CA-37BB-4FF7-AEF5-14A43E64EFD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2DC9BBBA-ED46-470F-A891-BB02DB7FBCEC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3EED13AF-E1AD-47F5-87D7-53745C76017B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F3236A1-6FDF-4A46-9FFD-B955FA5722D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{537DA932-89AA-4A9E-8AA3-E74BC434591E}" = dir=in | app=c:\windows\system32\hasplms.exe | "{58B12467-0C1F-4E8C-9C86-7F1DD08F5469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{621693C0-CA5C-42B5-9CF4-7B2A1A872FD0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{683763DA-C197-4C8A-B752-D64D2F5BEDAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{699DFA17-6587-4F27-99EF-55E0015792DA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6D9DD64B-8180-4350-AC8D-979D98D17592}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6DF2285B-9CDD-44D7-922D-10C0C9026897}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6E5A6B02-65D8-45BF-BFC7-0DF048CAED9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{78F30D6A-2B15-468F-A29C-94045FD00CD6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{871DF2A5-A05B-4ABF-8654-BD8EB65835FA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{91FD36C4-5D16-493A-9319-19B57AEF4E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9261099D-BE4A-408B-BE32-2CBC29F9739A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{930071D9-CC50-407A-B078-1DCD754202A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99884BE7-ABD1-47D7-886B-59ECF938B4AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9B3203D0-6AA4-4E4A-A170-78132B361C77}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A62E1299-36E3-4166-B688-A36D5F7BC65C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A9193DD3-A519-4787-9730-3E8E531B2E81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AEE4D755-56C6-40D8-9DC6-5DA61E8B9E0A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B49AEF2A-B2BB-4A02-B2A0-C9EF69787D0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B4CE8058-C59E-43C7-8654-E94C34A8C2B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA8C399F-A647-47CE-B054-F298887B3B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C77457CB-5D24-4C5D-BCA6-9C48DD110367}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C99A0489-9A1D-4E6B-A63C-3E843686EA6C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CFBE20F2-06C1-4231-9E77-B8314BD9B8EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D02C8844-1E72-418A-B541-D8B2369E7AF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D895E64F-042E-48AD-A906-E909FA1A78A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DF97735B-CEF0-47AB-8136-99FF171CCF45}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F28693F4-05D0-4666-AACB-3FD32054C02E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3AA1043-D683-4ED3-A509-7D74CFB6B05F}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{F5779F9D-D42A-4EA2-83E1-7B6CDC0F7099}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6577912-E884-4D3D-813B-844E0C41CAD6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0D30EE18-6799-4336-9646-5D0BDD08E1B0}C:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe | "TCP Query User{15F390C3-8CF1-4CC9-82EA-05B0AC2A675B}C:\program files (x86)\trimble\synchronizer\trimble.officesync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trimble\synchronizer\trimble.officesync.exe | "UDP Query User{5EA371A8-8512-4CA8-BBE0-FA428EA5F3CE}C:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trimble\trimble business center - heavy construction edition\businesscenterhce.exe | "UDP Query User{90691232-7F70-4B6A-9EDD-B8C106F7E05B}C:\program files (x86)\trimble\synchronizer\trimble.officesync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trimble\synchronizer\trimble.officesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc) "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc) "{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery "{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64 "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64 "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3 "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{0F4BDDAC-9C21-45CA-8E8A-4449E2656948}" = ZoneAlarm Antivirus "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish "{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide "{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{41564952-412D-5637-00A7-A758B70C0202}" = Avira SearchFree Toolbar plus Web Protection "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc) "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58BC9E49-2867-4153-A23F-6D62A3572599}" = Iminent "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data "{59C832EB-735F-4D89-9DBA-ECDB66A24FCF}" = funkwerk Eumex 401 TAPI V1.00 "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00 "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English "{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3 "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3 "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = "{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0 "{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story) "{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian "{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista "{C36D1DB0-7343-44C3-BC57-3B9C06325399}" = Sentinel HASP Vendor Library "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc) "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch "{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Avira AntiVir Desktop" = Avira Free Antivirus "dlancockpit" = devolo dLAN Cockpit "FormatFactory" = FormatFactory 3.0.1 "Google Chrome" = Google Chrome "IMBoosterARP" = Iminent "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0 "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc) "InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00 "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PremElem80" = Adobe Premiere Elements 8.0 "Ravensburger tiptoi" = Ravensburger tiptoi "RealPlayer 12.0" = RealPlayer "splashtop" = VAIO Quick Web Access "VAIO Help and Support" = "VAIO screensaver" = VAIO screensaver "Verbindungsassistent" = Verbindungsassistent "VTechDownloadManager" = VTech Download Manager "WinLiveSuite_Wave3" = Windows Live Essentials "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.07.2013 02:14:01 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 5009 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1E0C:usr=Sony} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5006.sft' herstellen (Rückgabecode 00000729-00000020, ursprünglicher Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:01 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 3008 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1E0C:usr=Sony} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:25 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 5009 Description = {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6137.5006.sft' herstellen (Rückgabecode 00000729-00000020, ursprünglicher Rückgabecode 00000729-00000020). Error - 27.07.2013 02:14:25 | Computer Name = Sony-VAIO | Source = Application Virtualization Client | ID = 3008 Description = {hap=14:app=Microsoft Word Starter 2010 9014006604070000:tid=119C:usr=Sony} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 00000729-00000020). Error - 27.07.2013 04:15:14 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 27.07.2013 05:00:01 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 28.07.2013 01:10:58 | Computer Name = Sony-VAIO | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 28.07.2013 03:08:37 | Computer Name = Sony-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Sony\downloads\SoftonicDownloader_fuer_format-factory.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 28.07.2013 07:29:23 | Computer Name = Sony-VAIO | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader_fuer_format-factory.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 28.07.2013 10:35:17 | Computer Name = Sony-VAIO | Source = Iminent | ID = 0 Description = [ Media Center Events ] Error - 04.12.2012 08:40:45 | Computer Name = Sony-VAIO | Source = MCUpdate | ID = 0 Description = 13:40:45 - Fehler beim Herstellen der Internetverbindung. 13:40:45 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2012 08:41:01 | Computer Name = Sony-VAIO | Source = MCUpdate | ID = 0 Description = 13:40:51 - Fehler beim Herstellen der Internetverbindung. 13:40:51 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 11.07.2013 11:48:30 | Computer Name = Sony-VAIO | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?07.?2013 um 12:55:13 unerwartet heruntergefahren. Error - 12.07.2013 02:32:01 | Computer Name = Sony-VAIO | Source = WMPNetworkSvc | ID = 866300 Description = Error - 13.07.2013 04:56:09 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.07.2013 06:39:50 | Computer Name = Sony-VAIO | Source = DCOM | ID = 10010 Description = Error - 18.07.2013 14:27:22 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7022 Description = Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet. Error - 20.07.2013 13:35:33 | Computer Name = Sony-VAIO | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?07.?2013 um 19:33:04 unerwartet heruntergefahren. Error - 25.07.2013 02:32:20 | Computer Name = Sony-VAIO | Source = WMPNetworkSvc | ID = 866300 Description = Error - 26.07.2013 14:46:38 | Computer Name = Sony-VAIO | Source = Service Control Manager | ID = 7030 Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 27.07.2013 03:08:33 | Computer Name = Sony-VAIO | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.07.2013 03:08:35 | Computer Name = Sony-VAIO | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Und die gmer.txt GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-28 18:24:26 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Sony\AppData\Local\Temp\kxliipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Windows\SysWOW64\RunDll32.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe[3068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 .text C:\Users\Sony\Downloads\gmer_2.1.19163.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d21465 2 bytes [D2, 76] .text C:\Users\Sony\Downloads\gmer_2.1.19163.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d214bb 2 bytes [D2, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [2412:2660] 00000000002af090 Thread C:\Windows\SysWOW64\rundll32.exe [2412:2664] 0000000000183a80 Thread C:\Windows\SysWOW64\rundll32.exe [2412:2460] 0000000000183a10 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6964] 00000000004d96b7 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6940] 00000000004d6874 Thread C:\Windows\SysWOW64\rundll32.exe [2412:6984] 00000000004d6dbc ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38fe8018 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe79202 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38fe8018 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe79202 (not active ControlSet) ---- EOF - GMER 2.1 ---- Falls ich noch irgendwas ergänzen muss, bin ich für jeden Hinweis dankbar.  im Vorfeldalbertoknox |
Baum-Darstellung