Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Falsche Weiterleitung von google, malware findet keinen Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.11.2010, 14:46   #1
kado
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



Hallo.
Ich habe das Problem das mich google seit ein paar Tagen immer auf falsche Seiten weiterleitet und ab und zu passiert das auch, wenn ich in die Adressleiste Adressen eingebe.

Der Scan von malware hat nichts ergeben :
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3062
Windows 6.0.6000

21.11.2010 14:09:58
mbam-log-2010-11-21 (14-09-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 237582
Laufzeit: 1 hour(s), 10 minute(s), 52 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
und das sind die logs von OTL:

Code:
ATTFilter
OTL logfile created on: 21.11.2010 14:11:23 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Anwender\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 48,65 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.21 01:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe
PRC - [2010.09.11 22:11:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.04.04 13:06:47 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.30 13:10:00 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.10.12 21:24:50 | 002,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.08.05 16:55:44 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.09 15:27:12 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.17 13:34:32 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009.04.17 13:14:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 11:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.04.16 18:06:20 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007.04.03 09:21:30 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe
PRC - [2007.04.02 15:49:30 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
PRC - [2007.03.24 04:02:09 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007.02.27 08:50:42 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.02.13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007.02.13 14:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.02.02 20:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.02.02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.22 06:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006.11.28 18:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.11.28 18:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006.11.28 18:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006.10.27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.21 01:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe
MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.08.05 16:55:44 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 15:27:12 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.17 13:34:31 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.02.13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.02.02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.01.24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.01.24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.01.10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.10 09:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.22 06:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.28 18:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.11.28 18:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006.11.28 18:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009.12.07 22:11:08 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.10.12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.10.12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.08.05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.06.09 15:27:13 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 15:28:31 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.04.23 03:25:18 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.06 12:03:23 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.04.05 02:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2007.04.04 05:34:57 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.04.04 05:34:57 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.04.04 03:22:49 | 002,412,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.03.24 04:02:08 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007.03.08 22:05:56 | 000,181,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.03.07 12:34:04 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.02 13:42:18 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.03.02 13:42:13 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.03.02 13:42:11 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.03.02 13:42:11 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.02.08 04:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.02.06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007.01.24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.01.12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.01.10 04:52:56 | 000,039,056 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007.01.03 10:19:08 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.18 10:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.11 22:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.11 22:12:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.11 22:12:43 | 000,000,000 | ---D | M]
 
[2009.04.15 12:51:08 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2010.09.12 10:34:52 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\7nnl4ryx.default\extensions
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\FireFox\Profiles\7nnl4ryx.default\searchplugins\conduit.xml
[2009.04.15 12:50:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010.01.13 16:01:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.25 08:40:10 | 000,000,955 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bingober23502736.gif
[2010.05.04 15:53:12 | 000,000,181 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bingober23502736.src
[2010.01.13 16:01:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.13 16:01:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.13 16:01:54 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.13 16:01:54 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Peer2Peer-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Peer2Peer-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Peer2Peer-DE Toolbar) - {97AC393A-A525-4CD0-95CF-019B028CC7A4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] c:\desktop\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ugsoacgsco.exe] C:\ugsoacgsco.exe\ugsoacgsco.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O24 - Desktop WallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4c137521-29a3-11de-9c0b-001a803ba6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{4c137521-29a3-11de-9c0b-001a803ba6e5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.21 01:50:41 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Facharbeit
[2010.11.21 00:54:44 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Simply Super Software
[2010.11.21 00:54:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Simply Super Software
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\desktop
[2010.11.17 18:38:58 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.11.17 18:38:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.11.03 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\work
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.21 14:13:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.21 14:09:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A97F0C33-E1A8-4830-85A8-3F559BC3C605}.job
[2010.11.21 13:48:01 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 13:48:01 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 12:56:32 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 12:56:32 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.21 12:56:32 | 000,140,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 12:56:32 | 000,121,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.21 12:49:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.21 12:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.21 12:47:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.18 16:33:50 | 000,005,229 | ---- | M] () -- C:\Users\Anwender\Desktop\Dokument.rtf
[2010.11.14 14:13:39 | 000,000,338 | ---- | M] () -- C:\Users\Anwender\Desktop\dvd wishlist.rtf
[2010.10.27 18:55:32 | 000,186,880 | ---- | M] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.21 01:32:37 | 000,000,902 | ---- | C] () -- C:\Users\Anwender\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.11.21 01:32:27 | 000,000,818 | ---- | C] () -- C:\Users\Anwender\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 00:54:17 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.11.21 00:54:17 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.11.21 00:54:17 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.11.21 00:54:16 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.11.20 16:56:07 | 000,001,670 | ---- | C] () -- C:\Users\Anwender\Desktop\CCleaner.lnk
[2010.11.14 00:37:47 | 000,000,338 | ---- | C] () -- C:\Users\Anwender\Desktop\dvd wishlist.rtf
[2010.09.11 19:45:51 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.09.11 19:45:51 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.09.11 18:35:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.28 19:25:43 | 000,017,408 | ---- | C] () -- C:\Users\Anwender\AppData\Local\WebpageIcons.db
[2010.06.11 19:23:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.13 17:23:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.09.30 13:24:11 | 000,011,474 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.05.11 22:17:19 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008.12.23 20:10:27 | 000,000,395 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.06.22 20:58:43 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.22 20:58:43 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.11.11 17:33:13 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.10.11 15:43:34 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007.09.22 18:42:38 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.09.22 15:17:00 | 000,186,880 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.21 18:07:32 | 000,000,680 | ---- | C] () -- C:\Users\Anwender\AppData\Local\d3d9caps.dat
[2007.06.06 10:12:26 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007.06.06 10:11:23 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.04.13 19:35:49 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.13 19:35:49 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.13 19:35:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2007.04.13 19:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.13 19:34:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.13 13:54:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.04.13 10:53:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL
[2007.03.16 08:16:12 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.03.16 08:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.03.16 08:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.05.13 18:01:59 | 000,000,000 | -HSD | M] -- C:\Users\Anwender\AppData\Roaming\.#
[2009.09.06 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\BitTorrent
[2009.04.11 20:20:08 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\foobar2000
[2010.02.01 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\HdO Adventure
[2007.09.22 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\InterVideo
[2010.06.07 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Jetsetter
[2008.11.04 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Mobipocket
[2010.06.08 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\NevoSoft Games
[2010.05.15 20:03:00 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Playrix Entertainment
[2009.05.13 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Shockwave
[2010.11.21 00:54:14 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Simply Super Software
[2010.02.01 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Zylom
[2010.11.21 01:56:00 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.21 14:09:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A97F0C33-E1A8-4830-85A8-3F559BC3C605}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:680086AB
@Alternate Data Stream - 337 bytes -> C:\ProgramData\TEMP:E2533C29
@Alternate Data Stream - 290 bytes -> C:\ProgramData\TEMP:1387592D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8F4589DC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E98C5DD9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C4967F48
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:33A7CC67
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:40546375
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3FC4A10A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FB384C06

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 21.11.2010 14:11:23 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Anwender\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 48,65 Gb Free Space | 47,47% Space Free | Partition Type: NTFS
 
Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F550B9B-A06E-4511-BCCD-3721920F3993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{823FA414-8A8E-427C-826D-225D7A7AFFB9}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397F209-2B17-4D9E-BB4C-0AA975755283}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DD55F49-8C2B-4321-952A-4DAD9B944580}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{280FC063-7F47-48CA-B776-829A33240F30}" = protocol=6 | dir=in | app=c:\users\anwender\downloads\videoconverter_setup.exe | 
"{2C590BDB-C6F2-4315-A88C-F6F071B4D772}" = protocol=17 | dir=in | app=c:\users\anwender\downloads\videoconverter_setup.exe | 
"{3166F857-65DC-4495-A58E-2A65D9C960D3}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{3E8C76E0-F959-4456-8503-6C437934430B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{43797E58-646A-4DB3-8490-55AA5B78EFB2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7765D68A-3BB6-4210-B46F-2F6C2B6C2CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7CE4DAC2-FD8C-4D90-8AA7-9D7A3FA46FF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{83A0190E-D55D-4748-B6A7-2CDA9958C9EC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8493B2E4-32DD-45FE-A3C9-B24BBD4CE4CB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{8A788F21-9454-41F4-9AB9-12A235D01281}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8D34A228-2075-46D6-925A-2F6891D422ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B19E1A39-B6DB-4E5B-B60B-F3BC888956FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B2F170F5-1006-4CCC-AE67-15E4A26EF9EE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D5BBF540-8E14-4333-A8F3-B0E542FBC105}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D6C75007-BAF1-4A48-8C7E-5CD2B984F2A9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D7F46666-9870-4E7F-A70B-6AA6F0B2A094}" = protocol=6 | dir=in | app=c:\users\anwender\downloads\flvplayer_setup.exe | 
"{E1F3FE5D-3F42-4E55-AF45-24D754641485}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{E3C6AD3C-098F-497D-9005-F99D5A0B2DFA}" = protocol=17 | dir=in | app=c:\users\anwender\downloads\flvplayer_setup.exe | 
"{F57AE497-106F-4DE4-ADA3-7125C04D1876}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FACB5DF2-051F-4028-8DA6-A8C4798EEFDC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{04812492-70B1-4507-9243-71031003C6DF}C:\users\anwender\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe | 
"TCP Query User{195D3C69-82BE-4D47-86E4-1039DC418EC7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{468C35B4-B675-45D7-B322-6993129B5397}C:\programdata\a6549bc\wsa654.exe" = protocol=6 | dir=in | app=c:\programdata\a6549bc\wsa654.exe | 
"TCP Query User{9586110B-5D13-4482-B54A-83378134BFF6}C:\program files\activision\star trek elite force ii single player demo\ef2.exe" = protocol=6 | dir=in | app=c:\program files\activision\star trek elite force ii single player demo\ef2.exe | 
"TCP Query User{BE83E91B-C7E2-4906-97AE-73F6753C41A1}C:\programdata\a6549bc\wsa654.exe" = protocol=6 | dir=in | app=c:\programdata\a6549bc\wsa654.exe | 
"TCP Query User{C6F76CCC-37B0-48CB-BB03-CC64C19E4C91}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{CE015185-F21A-48C3-B491-83778048959E}C:\users\anwender\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe | 
"TCP Query User{D6DEA613-5146-4719-9F62-46B0ABA0AE5E}C:\users\anwender\desktop\x-plane 9-demo\x-plane.exe" = protocol=6 | dir=in | app=c:\users\anwender\desktop\x-plane 9-demo\x-plane.exe | 
"TCP Query User{E7C013DE-7146-4405-BB64-7E36E97C4E5F}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"UDP Query User{19F0F815-8277-432D-88EF-D136F8ABDD5A}C:\users\anwender\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe | 
"UDP Query User{1CF467F5-F537-4EBC-8A19-160ED4750758}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{2101C5B6-A5FF-4D58-9B31-52DB7FB704C3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{56D06916-E511-4725-A4BF-682D43B3BA9E}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"UDP Query User{720454DC-676C-4F10-853F-06910B4E265C}C:\users\anwender\desktop\x-plane 9-demo\x-plane.exe" = protocol=17 | dir=in | app=c:\users\anwender\desktop\x-plane 9-demo\x-plane.exe | 
"UDP Query User{988B26CD-FD81-4B78-8B6C-46070B0C675E}C:\programdata\a6549bc\wsa654.exe" = protocol=17 | dir=in | app=c:\programdata\a6549bc\wsa654.exe | 
"UDP Query User{B71E067D-E4A5-42B3-B3E1-9F5A85B2942A}C:\program files\activision\star trek elite force ii single player demo\ef2.exe" = protocol=17 | dir=in | app=c:\program files\activision\star trek elite force ii single player demo\ef2.exe | 
"UDP Query User{E89CCFEE-C3A2-4A41-9FB6-9A2A0228483C}C:\users\anwender\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe | 
"UDP Query User{E9C4C8A5-CFD4-492E-B1CA-2DD4CD9CA492}C:\programdata\a6549bc\wsa654.exe" = protocol=17 | dir=in | app=c:\programdata\a6549bc\wsa654.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe 
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1966CFDC-5011-4480-B309-7FD59B91D10F}" = LEGO® Harry Potter™: Die Jahre 1-4 DEMO
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{21206703-2882-4110-9A75-63A4803B6AE8}" = Magic Encyclopedia
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49E766E4-4B3F-40F7-B987-89F2DF6D524C}" = Moorhuhn Kart XXL
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{51E55DEA-DA24-5477-B9F1-099918E97573}" = Poker Superstars III
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" = 
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115415417}" = Magic Encyclopedia First Story
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118278727}" = Nora Roberts - Vision In White
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.0.7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4F9E9FE-A9C7-43FC-8AB7-06A87C3CE368}" = Star Wars Republic Commando Demo
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD1513FC-273F-4744-8934-A6E5B1741E98}" = Star Wars JK II Jedi Outcast Demo
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo  Suite
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F6BB2F-E9A4-4233-BA03-BB62E8AED82A}" = Star Wars Jedi Knight Jedi Academy Demo
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~B653BC65_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Clean Virus MSN_is1" = Clean Virus MSN
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"De_Blob_EN" = De Blob (alleen verwijderen)
"Drawn The Painted Tower" = Drawn The Painted Tower (remove only)
"DreamMaker" = DreamMaker
"Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Sam and Max Episode 104 - Abe Lincoln Must Die!
"foobar2000" = foobar2000 v0.9.4.5
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"GAME OF LIFE by Hasbro" = GAME OF LIFE by Hasbro (remove only)
"GamesBar" = GamesBar 2.0.1.46
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"James Bond 007: Nightfire Demo" = James Bond 007: Nightfire Demo
"jetztspielenob.de Toolbar" = jetztspielenob.de Toolbar
"kaltkaltkalt" = kaltkaltkalt  Screen Saver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Encyclopedia_is1" = Magic Encyclopedia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Peer2Peer-DE Toolbar" = Peer2Peer-DE Toolbar
"Picasa2" = Picasa 2
"Poker Superstars III" = Poker Superstars III (remove only)
"RealPlayer 12.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2010 19:34:27 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 19:49:49 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 19:53:12 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 20:20:38 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 20:25:30 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 20:26:16 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 20:26:32 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.11.2010 20:26:58 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.11.2010 07:49:19 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.11.2010 07:49:51 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 18.11.2010 07:23:09 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2010 09:39:09 | Computer Name = Anwender-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.11.2010 um 14:37:19 unerwartet heruntergefahren.
 
Error - 18.11.2010 09:40:43 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 09:30:05 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.11.2010 10:51:02 | Computer Name = Anwender-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001B7797B193 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.11.2010 21:29:41 | Computer Name = Anwender-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.11.2010 09:57:47 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.11.2010 19:46:47 | Computer Name = Anwender-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.11.2010 19:50:04 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.11.2010 07:49:34 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Ich bin ein Laie wenn es um solche Sachen geht und bin etwas verzweifelt. Ich hoffe, dass mir jemand helfen kann...

Alt 21.11.2010, 15:59   #2
markusg
/// Malware-holic
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKCU..\Run: [ugsoacgsco.exe] C:\ugsoacgsco.exe\ugsoacgsco.exe ()
O4 - HKCU..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe ()

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten.


öffne mein computer, c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________

__________________

Alt 21.11.2010, 18:40   #3
kado
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



okay

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ugsoacgsco.exe deleted successfully.
C:\ugsoacgsco.exe\ugsoacgsco.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\siodfjisod.exe deleted successfully.
C:\siodfjisod.exe\siodfjisod.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Anwender
->Flash cache emptied: 16865 bytes
 
User: *****
->Flash cache emptied: 521 bytes
 
User: Default
->Flash cache emptied: 157 bytes
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Anwender
->Temp folder emptied: 41295 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 17197007 bytes
->FireFox cache emptied: 88865685 bytes
->Flash cache emptied: 0 bytes
 
User: ******
->Temp folder emptied: 42632 bytes
->Temporary Internet Files folder emptied: 435359 bytes
->FireFox cache emptied: 13713888 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38826 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 115,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11212010_182056

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETA43A.tmp not found!

Registry entries deleted on Reboot...
         
__________________

Alt 21.11.2010, 18:44   #4
markusg
/// Malware-holic
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



machst du onlinebanking /einkäufe?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.11.2010, 18:48   #5
kado
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



onlinebanking nein, einkaufen gelegentlich ebay...


Alt 21.11.2010, 19:12   #6
markusg
/// Malware-holic
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



hi,
dein system ist schlecht gesichert, keine updates etc.
dazu hast du einen der gefährlichsten trojaner dies im moment gibt.
wir sollten von daher neu aufsetzen, das system von anfang an vernünftig absichern.
dann wirds auch in zukunft schwieriger dir nen trojaner unterzujubeln.
__________________
--> Falsche Weiterleitung von google, malware findet keinen Trojaner

Alt 21.11.2010, 19:21   #7
kado
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



okay... das heißt also konfigurieren? (tut mir leid, für die dummen fragen, aber ich kenn mich echt nicht aus...)
wie sichere ich denn mein system von anfang an gut ab?

Alt 21.11.2010, 19:25   #8
markusg
/// Malware-holic
 
Falsche Weiterleitung von google, malware findet keinen Trojaner - Standard

Falsche Weiterleitung von google, malware findet keinen Trojaner



na die anleitung bekommst du von mir.
also du sicherst deine daten und suchst alle cds die du benötigst zusammen, dann sag mir, ob du ne windows oder recovery cd hast.
ich gebe dir dann ne schritt für schritt anleitung.
ist relativ einfach umzusetzen, und fragen kannst du immer!
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Falsche Weiterleitung von google, malware findet keinen Trojaner
alternate, antivir, avgntflt.sys, avira, bho, bonjour, clipgrab, conduit, corp./icp, data restore, desktop, error, excel, falsche seite, firefox, flash player, google, home, home premium, install.exe, location, logfile, malware, microsoft office word, mozilla, mp3, nvstor.sys, oldtimer, otl logfile, picasa, plug-in, problem, programdata, realtek, registry, saver, scan, searchplugins, security, service pack 1, shell32.dll, skype.exe, software, svchost.exe, symantec, torrent.exe, tower, trojane, trojaner, vista, vlc media player, winload toolbar




Ähnliche Themen: Falsche Weiterleitung von google, malware findet keinen Trojaner


  1. Weiterleitung auf falsche links bei google
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (3)
  2. Google! Falsche Weiterleitung http://www.ihavenet.com
    Log-Analyse und Auswertung - 02.06.2013 (16)
  3. Google-Suchergebnisse: Falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (11)
  4. falsche Weiterleitung bei Google-Suchergebnissen
    Log-Analyse und Auswertung - 13.12.2012 (11)
  5. Falsche google Weiterleitung
    Log-Analyse und Auswertung - 09.12.2012 (21)
  6. Firefox Google - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (8)
  7. Falsche Link-Weiterleitung bei Google - Trojaner?
    Log-Analyse und Auswertung - 17.01.2012 (30)
  8. Windows findet keinen Speicherplatz,Festplatten nicht sichtbar,Trojaner,Malware
    Log-Analyse und Auswertung - 06.01.2012 (8)
  9. Falsche weiterleitung durch Google und co.
    Log-Analyse und Auswertung - 16.11.2011 (5)
  10. Falsche Weiterleitung bei Google-Links
    Log-Analyse und Auswertung - 10.06.2011 (7)
  11. Google Trojaner (falsche Weiterleitung)
    Log-Analyse und Auswertung - 25.11.2010 (33)
  12. Google-Ergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (2)
  13. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 11.03.2009 (39)
  14. Falsche Weiterleitung bei Google-Links
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (15)
  15. Google Suchergebnisse - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 10.12.2007 (0)
  16. Falsche Weiterleitung bei Google
    Log-Analyse und Auswertung - 07.03.2007 (3)
  17. Falsche Weiterleitung bei google
    Mülltonne - 05.10.2006 (1)

Zum Thema Falsche Weiterleitung von google, malware findet keinen Trojaner - Hallo. Ich habe das Problem das mich google seit ein paar Tagen immer auf falsche Seiten weiterleitet und ab und zu passiert das auch, wenn ich in die Adressleiste Adressen - Falsche Weiterleitung von google, malware findet keinen Trojaner...
Archiv
Du betrachtest: Falsche Weiterleitung von google, malware findet keinen Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.