![]() |
Plagegeister aller Art und deren Bekämpfung: Trojahner kann nicht gelöscht werden. Googleseiten lassen sich nicht öffnenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
| ![]() Trojahner kann nicht gelöscht werden. Googleseiten lassen sich nicht öffnen Hallo, lasse gerade OTL und Maleware durchlaufen. Ich habe lt. Maleware 14 Trojahner auf meinem Rechner und ich weiß nicht wie ich sie los werden soll:-( Ich kann keine googleseiten mehr aufrufen, da werde ich auf komische andere weitergeleitet... Leider habe ich keine besondere Ahnung von Computern. Kann mir jemand helfen??? Das wäre super! Danke:-) Hier mein OTL Bericht: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.07.2010 09:40:55 - Run 1 OTL by OldTimer - Version Folder = C:\Users\user\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: ??? | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 176,29 Gb Total Space | 40,27 Gb Free Space | 22,84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\user\AppData\Local\Temp\Ejd.exe (ConeXware, Inc.) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) PRC - C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\dvd43\DVD43_Tray.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Programme\Office-Bibliothek\officebib.exe (Bibliographisches Institut & F. A. Brockhaus AG) PRC - C:\Programme\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\user\Downloads\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\Programme\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.) SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (igfx) -- C:\Windows\System32\DRIVERS\igdkmd32.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (dvd43llh) -- C:\Windows\System32\drivers\dvd43llh.sys (RIF) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net: FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru: FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.74 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:17:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.02 19:45:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.06.23 18:38:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 18:46:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.28 18:46:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.23 10:46:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.19 09:03:18 | 000,000,000 | ---D | M] [2009.02.21 10:27:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2010.07.28 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions [2010.04.10 09:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2009.07.04 08:17:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.05 17:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.02.06 10:27:41 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.03.08 22:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.06.30 09:34:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\moveplayer@movenetworks.com [2010.03.24 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\noia2_option@kk.noia [2010.05.05 18:33:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\staged-xpis [2010.02.14 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4lj2hhm2.default\extensions\twitternotifier@naan.net [2010.05.29 14:15:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.29 14:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.11.23 12:43:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2010.05.29 14:15:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20100529110712.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\\gears.dll (Google Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [dvd43] C:\Programme\dvd43\DVD43_Tray.exe () O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe File not found O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe File not found O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe File not found O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [5DR8ZAD8GX] C:\Users\user\AppData\Local\Temp\Ejd.exe (ConeXware, Inc.) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [Halo2] C:\Users\user\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\\gears.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2b061cfc-7827-11de-af0c-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{2b061cfc-7827-11de-af0c-001e3de2efc7}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{2b061cfe-7827-11de-af0c-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{2b061cfe-7827-11de-af0c-001e3de2efc7}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{592a638f-7dcc-11de-afd5-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{592a638f-7dcc-11de-afd5-001e3de2efc7}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{592a6392-7dcc-11de-afd5-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{592a6392-7dcc-11de-afd5-001e3de2efc7}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{5e41e931-7158-11de-99ca-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{5e41e931-7158-11de-99ca-001e3de2efc7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{f436c947-6cab-11de-98c8-001e3de2efc7}\Shell - "" = AutoRun O33 - MountPoints2\{f436c947-6cab-11de-98c8-001e3de2efc7}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.29 09:29:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2010.07.29 09:29:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.29 09:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.29 09:29:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.29 09:29:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.28 11:21:53 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Friends SE 5 [2010.07.24 16:27:22 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.24 16:27:17 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.07.17 10:36:14 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Denise Hochzeit [2010.07.12 15:04:21 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2010.07.12 15:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.29 09:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.29 09:40:21 | 002,883,584 | -HS- | M] () -- C:\Users\user\NTUSER.DAT [2010.07.29 09:31:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.07.29 09:29:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.29 08:54:10 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.07.29 08:48:32 | 000,009,873 | ---- | M] () -- C:\Users\user\Desktop\2200044,cco3qxjLvMXjAo3gDnzRhOFI61LbD0zPjeNoyonQG0j5walhszXVx_TSYDOnq50NF6S3UCsz8IOEplFCd2O8gg==.jpg [2010.07.29 08:36:10 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2010.07.29 08:33:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.29 08:33:36 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.29 08:33:36 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.29 08:33:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.29 08:33:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.29 08:33:28 | 3217,489,920 | -HS- | M] () -- C:\hiberfil.sys [2010.07.28 22:09:41 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.28 22:09:28 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.07.28 22:09:28 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.07.28 22:08:55 | 002,038,190 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db [2010.07.28 09:12:28 | 000,001,086 | ---- | M] () -- C:\Users\user\Desktop\AVS4YOU Software Navigator.lnk [2010.07.28 09:11:47 | 000,001,037 | ---- | M] () -- C:\Users\user\Desktop\AVS Video Converter 6.lnk [2010.07.26 10:34:10 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.26 10:34:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.26 10:34:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.26 10:34:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.26 10:34:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.24 19:51:14 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2010.07.24 16:28:15 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.22 20:14:35 | 274,753,641 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.19 10:17:02 | 005,061,465 | ---- | M] () -- C:\Users\user\Desktop\Korte_-_Einfuehrung_id_systematische_Filmanalyse.pdf [2010.07.19 09:03:18 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.19 08:49:38 | 000,129,936 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.19 08:49:16 | 000,467,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.09 07:40:04 | 000,001,430 | ---- | M] () -- C:\Users\user\Desktop\DivX Movies.lnk [2010.07.09 07:39:30 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.03 10:53:58 | 000,001,426 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat [2010.06.30 18:31:38 | 000,002,625 | ---- | M] () -- C:\Users\user\Desktop\Der Währungsrechner.lnk [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.29 09:29:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.29 08:48:30 | 000,009,873 | ---- | C] () -- C:\Users\user\Desktop\2200044,cco3qxjLvMXjAo3gDnzRhOFI61LbD0zPjeNoyonQG0j5walhszXVx_TSYDOnq50NF6S3UCsz8IOEplFCd2O8gg==.jpg [2010.07.28 09:20:21 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.07.28 09:20:11 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.07.24 16:28:15 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.19 10:38:18 | 005,061,465 | ---- | C] () -- C:\Users\user\Desktop\Korte_-_Einfuehrung_id_systematische_Filmanalyse.pdf [2010.07.19 09:03:18 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.09 07:39:30 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.03.01 19:48:15 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI [2010.02.03 10:22:41 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2010.01.20 16:08:55 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFreeLite.INI [2009.10.30 11:49:59 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.17 09:44:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2009.10.17 09:44:14 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2009.09.24 08:42:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.04.23 11:55:27 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.04.23 11:55:26 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.04.23 08:47:33 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFree.INI [2009.02.21 15:22:14 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.02.20 18:37:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.05.16 11:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008.05.16 11:02:54 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll [2008.04.02 20:21:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.02.05 02:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll [2007.10.30 10:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.08.17 15:41:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\Symbolde.doc:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\Meine lieben.doc:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\Deutsche Telekom AG Göttingen.doc:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\user\Documents\bachblüten.pdf:Roxio EMC Stream @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:FB1B13D8 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.07.2010 09:40:55 - Run 1 OTL by OldTimer - Version Folder = C:\Users\user\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 176,29 Gb Total Space | 40,27 Gb Free Space | 22,84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-PC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09A5F057-CF16-40A4-BA18-237917DC73EA}" = lport=137 | protocol=17 | dir=in | app=system | "{0CF10335-F3AE-4E5F-9EE8-B95476798F01}" = lport=138 | protocol=17 | dir=in | app=system | "{29E99F8B-29A9-4317-837D-2B150900C14F}" = rport=445 | protocol=6 | dir=out | app=system | "{2F293E40-5453-41BF-8259-6E47FA9C639D}" = rport=138 | protocol=17 | dir=out | app=system | "{67D2B1EA-9ED5-4AAF-815C-B2360F67727B}" = rport=137 | protocol=17 | dir=out | app=system | "{A7A6ED89-E08A-48A5-9790-2D16C1BEC3FB}" = rport=139 | protocol=6 | dir=out | app=system | "{C1B3163E-3BAA-4F6E-8056-9246AD1A3AD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3341AB0-1AC0-4C6C-A157-3B9A81CCD9E3}" = lport=445 | protocol=6 | dir=in | app=system | "{D87CB6E4-061D-4E2D-90F1-2FEFE4F78DB5}" = lport=139 | protocol=6 | dir=in | app=system | "{EDF93686-C880-49F2-86AE-870EE948137C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FC6C7407-B5F3-41D6-8033-2222B2818864}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{082A8891-16BE-4104-80ED-10963A36B3F8}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{08CB4460-041B-4209-8C23-4E758F47E249}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0A62E2D2-6D7B-4047-BC56-89CCBE73636F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{17F34310-CE35-42C2-B2D1-69A21ACB24CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{2F92F3B4-37ED-49B5-83F4-C7F97567BF0D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{315A0D61-EF1C-4E10-83A8-61305F984CAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe | "{3EA0F9A3-56B2-42E4-9BCB-5ED68E4F85D4}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{4AA88ECD-84D7-48AE-91E9-983AA3022894}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4E5BF2C8-5DED-420C-8DB1-4B924D51B4D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{538405BB-A6A3-4845-8469-D693FF9E6FA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5484B3BD-E72B-404A-BE5C-8F6BB6662721}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5C1656A7-3BCC-4805-8815-636B05562F3D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5D4112A6-B268-47FE-B670-2A162BD1F76D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{6509C1A4-BAA9-4CB2-AB7A-D03D17169E65}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{66FF6179-2A74-4A57-86C5-F31567E5F9D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7077D368-1BD6-43DC-840F-3F7B7432131A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{9362A0FB-4749-4303-88C5-943261BC558B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A0830F93-5371-4E24-B3A0-6B9D9DDEF8F0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{A4B0EC18-8BA9-4F1C-91BE-F33F9E27E836}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AF512A4C-802D-44F4-8781-F64FF3D5FF8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B6C157DD-8742-4AC3-B23D-A38BEFC5E80E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{BAC92956-074C-438A-9820-1E95CFF4973A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BEAFF715-C188-4757-BA5D-B3D650244C98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C3DE37FC-C1A2-4B2D-9AC5-650332E79FA7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{CF1A77A8-E7E7-4C73-B031-C3AC24812950}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{D2B731C5-D693-4A07-B64D-DD8A9C720BA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{FF4A1802-8AC6-43F8-80C0-523F6A210B2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "TCP Query User{115394FB-DCD3-45FB-9F4E-700FAC4E9F52}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{2806B9FA-B708-4720-8130-4A1E54D588B2}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | "TCP Query User{5042AF65-860A-4E9D-918B-4C263A1CAA12}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{615CCFCC-1380-4654-ABAD-0C00851B4732}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{94ACE739-27B8-42AF-95E6-9A5C7CDB7CA8}F:\d-link.exe" = protocol=6 | dir=in | app=f:\d-link.exe | "TCP Query User{C507701B-827E-403F-8F7F-63611561E931}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{41A50936-4E2E-41FF-8AF8-E4C352EAA5FE}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{53444954-18B7-4626-ABE5-CA90F2D74901}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{71D5F03A-DDB3-46F5-BAD3-1147EEAA8514}F:\d-link.exe" = protocol=17 | dir=in | app=f:\d-link.exe | "UDP Query User{85209323-9DBD-446A-82D4-F8CA282FD1B3}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | "UDP Query User{A4BAE391-844A-4C01-95FE-476B96F9DC11}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | "UDP Query User{F56E0A42-BE08-4B19-ABF1-2FB6163D8BFC}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0 "{00E3E16A-EF37-6F18-2501-821AAB6903AB}" = ccc-core-static "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{0299E902-A8ED-7748-4A47-8080C42436F2}" = Catalyst Control Center Core Implementation "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0D8189EB-8824-AA13-6A45-8201E3353AC8}" = CCC Help German "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14F47992-EF70-16D9-1DD6-8A240073CD82}" = ATI Catalyst Install Manager "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{165E861A-D87F-5BED-190E-8EBC4ECCE65E}" = Catalyst Control Center Graphics Light "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{17F8195F-91B9-35A7-E4B9-6E54C0B7B9B3}" = CCC Help Korean "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4 "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1EDDE5D9-7455-3159-41BE-1BC8C76B8950}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1 "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{248BF282-92C4-4C53-09F4-454E81503277}" = Catalyst Control Center Localization Italian "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager "{28B52CF6-FC4D-38E7-2438-62EB527780FD}" = Catalyst Control Center Graphics Full Existing "{29ADBAC3-97C3-1963-0F76-1687F73154D7}" = Catalyst Control Center Localization French "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2C4A5877-21D1-4A15-9D20-24BA54A24093}" = Playlist tool "{2E0993DB-99D1-3D3D-FDD8-757F7C44BB7F}" = CCC Help French "{2E2F4CB9-70B3-B6BA-1241-BC53FE5BE5DA}" = Catalyst Control Center Localization Thai "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{31E6A959-22FA-51B9-4E5A-1E2D2C0C8F1E}" = CCC Help Hungarian "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide "{356181AD-C50C-394F-20D8-C6CB0A961589}" = Catalyst Control Center Localization Portuguese "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska "{3BB63799-E541-414A-8DCA-B89E6E9E3867}" = Der Währungsrechner 2.1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0 "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{46B9C26B-4370-C68D-1743-4F13AC12B4CD}" = CCC Help Turkish "{495B3F8D-06AA-216A-6159-C9EABA6B7D8E}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A074D34-1F3D-B98F-CFF9-B2794DA33871}" = Catalyst Control Center Localization Danish "{4A790D47-EBBF-659B-96BD-46AF5D69730B}" = Catalyst Control Center Localization Chinese Traditional "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{4FE475AA-C4CC-115A-1422-5DFB86FC806D}" = Catalyst Control Center Localization Hungarian "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5463642B-44B3-34D3-E64E-0ACAA949BB5A}" = CCC Help Finnish "{568457D9-A55B-D9BC-13EC-14C84E69BD86}" = Catalyst Control Center Graphics Full New "{56A6F256-5323-4617-3AE8-45B28B559E37}" = CCC Help English "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57A3A36F-626E-8848-D9E0-41FCDC92FECA}" = CCC Help Portuguese "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6788581C-ECDA-326B-EE71-F9BE4635355F}" = Catalyst Control Center Localization Korean "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6CE464DB-CD52-F4F9-FB58-BC934702A499}" = CCC Help Japanese "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0 "{7193B0D6-65E4-6FB1-EB23-E9CE6D611BDC}" = CCC Help Czech "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects "{7CB64BD2-0FB7-E037-6924-EA2B8BE44E7E}" = CCC Help Greek "{7F6C2F96-3302-784E-BF0D-65D794E39BC2}" = Catalyst Control Center Localization Norwegian "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{84EA9BEB-AFF7-06C6-60DF-608807EA7DF2}" = Catalyst Control Center Localization German "{8550D6A8-0DBC-AC89-F12B-71167346845E}" = Catalyst Control Center Localization Dutch "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A2224A1-7C5F-170C-74B6-6EEF9F92FCC3}" = CCC Help Norwegian "{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00 "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{963B65F9-89C7-48BB-8E40-E7583DEC7C8D}" = SonicStage Mastering Studio "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{96E425D4-2DB1-6B29-0944-7DC78E9EEF81}" = Catalyst Control Center Localization Finnish "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager "{9E332EEA-DCFC-424B-E499-0D35FFAD4D76}" = Catalyst Control Center Localization Greek "{9F165569-C622-3F85-0F90-23CF9B0B7E50}" = Catalyst Control Center Localization Turkish "{A38F2A2D-F9AC-6303-A14D-DD2D77519627}" = Catalyst Control Center Localization Polish "{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100 "{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A8B28C6F-E1CE-402B-9B5B-261680082AE3}" = Cafe World Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B07FD2DE-87AB-976B-9E7E-9CD9598D1188}" = CCC Help Italian "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B24A47B6-1DE9-45FF-9DE8-D0EF46022CC3}" = Duden Korrektor kompakt "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater "{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext "{B74686F4-939E-9D89-2C09-3B0FCB3C2B37}" = Catalyst Control Center Localization Japanese "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4 "{B982D59B-B732-C911-51F3-CC962F906573}" = ccc-utility "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BFCBC9EC-8ECC-2E8F-85DF-9D02C3B6E8AD}" = CCC Help Thai "{C1141112-2968-FB36-0DF7-9D61AE6A0DCF}" = CCC Help Chinese Standard "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C9B56B00-7A33-378D-E64E-E044BE535A46}" = Catalyst Control Center Localization Chinese Standard "{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting "{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc "{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D79FDDB3-D6DD-63CC-BA61-D5406F392979}" = Catalyst Control Center Localization Russian "{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus "{DA3C6D93-6EB8-BF5C-2C14-2B1A08284DBD}" = Catalyst Control Center Graphics Previews Vista "{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager "{DEFB9CA4-6242-B988-E263-CD102219F54F}" = Skins "{DF02B276-8216-D2FC-1E3D-E6382F8F6D91}" = Catalyst Control Center Localization Swedish "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E40EE28E-1009-B9B3-1E6B-635E878EAFF4}" = CCC Help Danish "{E626EA97-DC4B-B9C2-5120-F826D00623D5}" = Catalyst Control Center Localization Spanish "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode "{E8EF1266-1D1F-C2FB-1E98-2FB9E71B3C7C}" = Catalyst Control Center Graphics Previews Common "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{ED1273B9-C028-C97D-BBF4-B667AD1644AE}" = CCC Help Dutch "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FD0F66-34CF-4555-8B13-BCFC96F3864C}" = Branding "{F2D89AED-46DA-3DAF-CE35-BEA81D3CCE4B}" = CCC Help Polish "{F536B64C-FA0C-AAEE-AE89-E15B12E7C659}" = CCC Help Swedish "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F76F1E24-BFF9-9754-FDB4-595A7DFF8651}" = CCC Help Russian "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates "{F8ECA4D4-3CB6-3B1C-A20A-884D5744C0FF}" = Catalyst Control Center Localization Czech "{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.60 "Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only) "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Big Fish Games Center" = Big Fish Games Center "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1 "CCleaner" = CCleaner "CloneDVD 2.1_is1" = CloneDVD 2.1 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "dt icon module" = "DVD43_is1" = DVD43 v4.6.0 "ENTERPRISER" = Microsoft Office Enterprise 2007 "gtfirstboot Setting Request" = "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "Infineon USB driver_is1" = Infineon USB driver "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00 "InstallShield_{B24A47B6-1DE9-45FF-9DE8-D0EF46022CC3}" = Duden Korrektor kompakt "LingoPad_is1" = LingoPad 2.6 (Build 360) "Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarketingTools" = Vaio Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (" = Mozilla Thunderbird ( "MSC" = McAfee AntiVirus Plus "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "Picasa2" = Picasa 2 "Pidgin" = Pidgin "PremElem40" = Adobe Premiere Elements 4.0 "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates "SynTPDeinstKey" = Synaptics Pointing Device Driver "VAIO Help and Support" = "VAIO_My Club VAIO" = My Club VAIO "Virtual Villagers" = Virtual Villagers (remove only) "VLC media player" = VLC media player 1.0.1 "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.07.2010 02:56:45 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.07.2010 02:56:45 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 37939786 Error - 03.07.2010 02:56:45 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 37939786 Error - 03.07.2010 02:56:46 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.07.2010 02:56:46 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 37940847 Error - 03.07.2010 02:56:46 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 37940847 Error - 03.07.2010 02:56:48 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.07.2010 02:56:48 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 37942158 Error - 03.07.2010 02:56:48 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 37942158 Error - 03.07.2010 02:56:49 | Computer Name = user-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 29.07.2010 03:29:22 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:30:52 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:32:23 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:33:53 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:35:23 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:36:53 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:38:23 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:39:53 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:41:24 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = Error - 29.07.2010 03:42:54 | Computer Name = user-PC | Source = bowser | ID = 8003 Description = < End of report > |
![]() | #2 |
| ![]() Trojahner kann nicht gelöscht werden. Googleseiten lassen sich nicht öffnen Malware konnte nicht alles entfernen hier auch der Bericht:
__________________Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4365 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 29.07.2010 09:51:42 mbam-log-2010-07-29 (09-51-42).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 146613 Laufzeit: 9 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: C:\Users\user\AppData\Local\Temp\Ejd.exe (Trojan.Downloader) -> Unloaded process successfully. Infizierte Speichermodule: C:\Users\user\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5dr8zad8gx (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\user\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Users\user\AppData\Local\Temp\Ejd.exe (Trojan.Downloader) -> Delete on reboot. C:\Users\user\AppData\Local\Temp\Ejb.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\user\AppData\Local\Temp\Ejc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. |
![]() |
Themen zu Trojahner kann nicht gelöscht werden. Googleseiten lassen sich nicht öffnen |
0 bytes, 0x00000001, 32 bit, alternate, antivirus, audacity, audiograbber, aufrufe, bho, bonjour, components, computer, converter, corp./icp, data restore, desktop, downloader, entfernen, error, excel.exe, exe.exe, firefox, firefox.exe, flash player, format, home, home premium, install.exe, local\temp, location, logfile, maleware, microsoft office word, mozilla, mozilla thunderbird, nicht öffnen, nvstor.sys, office 2007, oldtimer, otl.exe, picasa, plug-in, programdata, realtek, registry, rundll, saver, searchplugins, security, security update, shell32.dll, siteadvisor, skype.exe, software, spigot, super, systray, twitter, udp, usb, video converter, vista, vlc media player, vodafone, youtube downloader |