Pests of all kinds and how to fight them: Wrong redirection from Google, malware finds no Trojan
Windows 7
If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
21.11.2010, 14:46 | #1
Wrong redirection from Google, malware finds no Trojan

Hello. I have the problem that Google has been redirecting me to wrong pages for a few days now, and now and then this also happens when I type addresses into the address bar. The malware scan found nothing:

Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3062
Windows 6.0.6000

21.11.2010 14:09:58
mbam-log-2010-11-21 (14-09-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 237582
Laufzeit: 1 hour(s), 10 minute(s), 52 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter OTL logfile created on: 21.11.2010 14:11:23 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Anwender\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,48 Gb Total Space | 48,65 Gb Free Space | 47,47% Space Free | Partition Type: NTFS Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.21 01:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe PRC - [2010.09.11 22:11:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010.04.04 13:06:47 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009.10.30 13:10:00 | 000,039,408 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.10.12 21:24:50 | 002,000,112 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2009.08.05 16:55:44 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.09 15:27:12 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.17 13:34:32 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2009.04.17 13:14:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 11:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.04.16 18:06:20 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe PRC - [2007.04.03 09:21:30 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe PRC - [2007.04.02 15:49:30 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe PRC - [2007.03.24 04:02:09 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe PRC - [2007.02.27 08:50:42 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2007.02.13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event 
Service\VESMgr.exe PRC - [2007.02.13 14:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe PRC - [2007.02.02 20:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007.02.02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.22 06:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.11.28 18:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006.11.28 18:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2006.11.28 18:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2006.10.27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2006.01.23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) 
-- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe ========== Modules (SafeList) ========== MOD - [2010.11.21 01:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Downloads\OTL.exe MOD - [2006.11.02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.08.05 16:55:44 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.09 15:27:12 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.04.17 13:34:31 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] 
(Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.02.13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2007.02.02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007.01.24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007.01.24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2007.01.16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007.01.16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007.01.10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.10 09:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- 
(VAIO Entertainment TV Device Arbitration Service) SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007.01.08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007.01.08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.22 06:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006.11.28 18:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006.11.28 18:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2006.11.28 
18:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2009.12.07 22:11:08 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009.10.12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.10.12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.08.05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2009.06.09 15:27:13 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.27 15:28:31 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.04.23 03:25:18 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.06 12:03:23 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.04.05 02:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF) DRV - [2007.04.04 05:34:57 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2007.04.04 05:34:57 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2007.04.04 03:22:49 | 002,412,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.03.24 04:02:08 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2007.03.08 22:05:56 | 000,181,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007.03.07 12:34:04 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.03.02 13:42:18 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.03.02 13:42:13 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.03.02 13:42:11 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.03.02 13:42:11 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.02.08 04:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.02.06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC) DRV - [2007.01.24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.01.12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.01.12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007.01.10 04:52:56 | 000,039,056 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb) DRV - [2007.01.03 10:19:08 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.18 10:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.01.06 12:42:00 | 
000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "bing" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.11 22:12:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.11 22:12:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.11 22:12:43 | 000,000,000 | ---D | M] [2009.04.15 12:51:08 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions [2010.09.12 10:34:52 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\7nnl4ryx.default\extensions [2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\FireFox\Profiles\7nnl4ryx.default\searchplugins\conduit.xml [2009.04.15 12:50:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010.01.13 16:01:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.25 08:40:10 | 000,000,955 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bingober23502736.gif [2010.05.04 15:53:12 | 000,000,181 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bingober23502736.src [2010.01.13 16:01:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.13 16:01:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.13 16:01:54 | 000,000,986 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.13 16:01:54 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Peer2Peer-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Peer2Peer-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Peer2Peer-DE Toolbar) - {97AC393A-A525-4CD0-95CF-019B028CC7A4} - C:\Program Files\Peer2Peer-DE\tbPeer.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files\jetztspielenob.de\tbjetz.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] c:\desktop\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [ugsoacgsco.exe] C:\ugsoacgsco.exe\ugsoacgsco.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O24 - Desktop WallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -
C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4c137521-29a3-11de-9c0b-001a803ba6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{4c137521-29a3-11de-9c0b-001a803ba6e5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.21 01:50:41 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Facharbeit
[2010.11.21 00:54:44 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Simply Super Software
[2010.11.21 00:54:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Simply Super Software
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.11.21 00:54:14 | 000,000,000 | ---D | C] -- C:\desktop
[2010.11.17 18:38:58 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.11.17 18:38:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.11.03 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\work
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.21 14:13:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.21 14:09:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A97F0C33-E1A8-4830-85A8-3F559BC3C605}.job
[2010.11.21 13:48:01 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 13:48:01 | 000,003,456 | -H-- | M] () --
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.21 12:56:32 | 000,698,314 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 12:56:32 | 000,656,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.21 12:56:32 | 000,140,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 12:56:32 | 000,121,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.21 12:49:42 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.21 12:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.21 12:47:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.18 16:33:50 | 000,005,229 | ---- | M] () -- C:\Users\Anwender\Desktop\Dokument.rtf
[2010.11.14 14:13:39 | 000,000,338 | ---- | M] () -- C:\Users\Anwender\Desktop\dvd wishlist.rtf
[2010.10.27 18:55:32 | 000,186,880 | ---- | M] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.21 01:32:37 | 000,000,902 | ---- | C] () -- C:\Users\Anwender\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.11.21 01:32:27 | 000,000,818 | ---- | C] () -- C:\Users\Anwender\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 00:54:17 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.11.21 00:54:17 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.11.21 00:54:17 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.11.21 00:54:16 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.11.20 16:56:07 | 000,001,670 | ---- | C] () -- C:\Users\Anwender\Desktop\CCleaner.lnk
[2010.11.14 00:37:47 | 000,000,338 | ---- | C] () -- C:\Users\Anwender\Desktop\dvd wishlist.rtf
[2010.09.11 19:45:51 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.09.11 19:45:51 | 000,262,144 | ---- |
C] () -- C:\Windows\System32\lame_enc.dll
[2010.09.11 18:35:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.28 19:25:43 | 000,017,408 | ---- | C] () -- C:\Users\Anwender\AppData\Local\WebpageIcons.db
[2010.06.11 19:23:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.13 17:23:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.09.30 13:24:11 | 000,011,474 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.05.11 22:17:19 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008.12.23 20:10:27 | 000,000,395 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.06.22 20:58:43 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.22 20:58:43 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.11.11 17:33:13 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.10.11 15:43:34 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2007.09.22 18:42:38 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.09.22 15:17:00 | 000,186,880 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.21 18:07:32 | 000,000,680 | ---- | C] () -- C:\Users\Anwender\AppData\Local\d3d9caps.dat
[2007.06.06 10:12:26 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007.06.06 10:11:23 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.04.13 19:35:49 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.04.13 19:35:49 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.04.13 19:35:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2007.04.13 19:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.13 19:34:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.13 13:54:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.04.13 10:53:18 | 000,163,840 | ----
| C] () -- C:\Windows\System32\WLANDLL.DLL
[2007.03.16 08:16:12 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.03.16 08:16:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.03.16 08:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.05.13 18:01:59 | 000,000,000 | -HSD | M] -- C:\Users\Anwender\AppData\Roaming\.#
[2009.09.06 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\BitTorrent
[2009.04.11 20:20:08 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\foobar2000
[2010.02.01 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\HdO Adventure
[2007.09.22 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\InterVideo
[2010.06.07 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Jetsetter
[2008.11.04 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Mobipocket
[2010.06.08 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\NevoSoft Games
[2010.05.15 20:03:00 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Playrix Entertainment
[2009.05.13 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Shockwave
[2010.11.21 00:54:14 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Simply Super Software
[2010.02.01 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Zylom
[2010.11.21 01:56:00 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.21 14:09:59 | 000,000,422 | -H-- | M] () --
C:\Windows\Tasks\User_Feed_Synchronization-{A97F0C33-E1A8-4830-85A8-3F559BC3C605}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:680086AB
@Alternate Data Stream - 337 bytes -> C:\ProgramData\TEMP:E2533C29
@Alternate Data Stream - 290 bytes -> C:\ProgramData\TEMP:1387592D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8F4589DC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E98C5DD9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C4967F48
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:33A7CC67
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:40546375
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3FC4A10A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FB384C06

< End of report >

Code:
OTL Extras logfile created on: 21.11.2010 14:11:23 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Anwender\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,48 Gb Total Space | 48,65 Gb Free Space | 47,47% Space Free | Partition Type: NTFS

Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F550B9B-A06E-4511-BCCD-3721920F3993}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{823FA414-8A8E-427C-826D-225D7A7AFFB9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397F209-2B17-4D9E-BB4C-0AA975755283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD55F49-8C2B-4321-952A-4DAD9B944580}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{280FC063-7F47-48CA-B776-829A33240F30}" = protocol=6 | dir=in | app=c:\users\anwender\downloads\videoconverter_setup.exe |
"{2C590BDB-C6F2-4315-A88C-F6F071B4D772}" = protocol=17 | dir=in | app=c:\users\anwender\downloads\videoconverter_setup.exe |
"{3166F857-65DC-4495-A58E-2A65D9C960D3}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{3E8C76E0-F959-4456-8503-6C437934430B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{43797E58-646A-4DB3-8490-55AA5B78EFB2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7765D68A-3BB6-4210-B46F-2F6C2B6C2CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CE4DAC2-FD8C-4D90-8AA7-9D7A3FA46FF3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{83A0190E-D55D-4748-B6A7-2CDA9958C9EC}" = protocol=17 |
dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8493B2E4-32DD-45FE-A3C9-B24BBD4CE4CB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8A788F21-9454-41F4-9AB9-12A235D01281}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D34A228-2075-46D6-925A-2F6891D422ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B19E1A39-B6DB-4E5B-B60B-F3BC888956FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B2F170F5-1006-4CCC-AE67-15E4A26EF9EE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D5BBF540-8E14-4333-A8F3-B0E542FBC105}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D6C75007-BAF1-4A48-8C7E-5CD2B984F2A9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D7F46666-9870-4E7F-A70B-6AA6F0B2A094}" = protocol=6 | dir=in | app=c:\users\anwender\downloads\flvplayer_setup.exe |
"{E1F3FE5D-3F42-4E55-AF45-24D754641485}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{E3C6AD3C-098F-497D-9005-F99D5A0B2DFA}" = protocol=17 | dir=in | app=c:\users\anwender\downloads\flvplayer_setup.exe |
"{F57AE497-106F-4DE4-ADA3-7125C04D1876}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FACB5DF2-051F-4028-8DA6-A8C4798EEFDC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{04812492-70B1-4507-9243-71031003C6DF}C:\users\anwender\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe |
"TCP Query User{195D3C69-82BE-4D47-86E4-1039DC418EC7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{468C35B4-B675-45D7-B322-6993129B5397}C:\programdata\a6549bc\wsa654.exe" = protocol=6 | dir=in | app=c:\programdata\a6549bc\wsa654.exe |
"TCP Query User{9586110B-5D13-4482-B54A-83378134BFF6}C:\program
files\activision\star trek elite force ii single player demo\ef2.exe" = protocol=6 | dir=in | app=c:\program files\activision\star trek elite force ii single player demo\ef2.exe |
"TCP Query User{BE83E91B-C7E2-4906-97AE-73F6753C41A1}C:\programdata\a6549bc\wsa654.exe" = protocol=6 | dir=in | app=c:\programdata\a6549bc\wsa654.exe |
"TCP Query User{C6F76CCC-37B0-48CB-BB03-CC64C19E4C91}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CE015185-F21A-48C3-B491-83778048959E}C:\users\anwender\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe |
"TCP Query User{D6DEA613-5146-4719-9F62-46B0ABA0AE5E}C:\users\anwender\desktop\x-plane 9-demo\x-plane.exe" = protocol=6 | dir=in | app=c:\users\anwender\desktop\x-plane 9-demo\x-plane.exe |
"TCP Query User{E7C013DE-7146-4405-BB64-7E36E97C4E5F}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{19F0F815-8277-432D-88EF-D136F8ABDD5A}C:\users\anwender\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe |
"UDP Query User{1CF467F5-F537-4EBC-8A19-160ED4750758}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{2101C5B6-A5FF-4D58-9B31-52DB7FB704C3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{56D06916-E511-4725-A4BF-682D43B3BA9E}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe |
"UDP Query User{720454DC-676C-4F10-853F-06910B4E265C}C:\users\anwender\desktop\x-plane 9-demo\x-plane.exe" = protocol=17 | dir=in | app=c:\users\anwender\desktop\x-plane 9-demo\x-plane.exe |
"UDP Query
User{988B26CD-FD81-4B78-8B6C-46070B0C675E}C:\programdata\a6549bc\wsa654.exe" = protocol=17 | dir=in | app=c:\programdata\a6549bc\wsa654.exe |
"UDP Query User{B71E067D-E4A5-42B3-B3E1-9F5A85B2942A}C:\program files\activision\star trek elite force ii single player demo\ef2.exe" = protocol=17 | dir=in | app=c:\program files\activision\star trek elite force ii single player demo\ef2.exe |
"UDP Query User{E89CCFEE-C3A2-4A41-9FB6-9A2A0228483C}C:\users\anwender\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\anwender\program files\dna\btdna.exe |
"UDP Query User{E9C4C8A5-CFD4-492E-B1CA-2DD4CD9CA492}C:\programdata\a6549bc\wsa654.exe" = protocol=17 | dir=in | app=c:\programdata\a6549bc\wsa654.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1966CFDC-5011-4480-B309-7FD59B91D10F}" = LEGO® Harry Potter™: Die Jahre 1-4 DEMO
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{21206703-2882-4110-9A75-63A4803B6AE8}" = Magic Encyclopedia
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49E766E4-4B3F-40F7-B987-89F2DF6D524C}" = Moorhuhn Kart XXL
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" =
"{51E55DEA-DA24-5477-B9F1-099918E97573}" = Poker Superstars III
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" =
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" =
VAIO Photo 2007
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115415417}" = Magic Encyclopedia First Story
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118278727}" = Nora Roberts - Vision In White
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.0.7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}"
= 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft
Application Error Reporting "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4F9E9FE-A9C7-43FC-8AB7-06A87C3CE368}" = Star Wars Republic Commando Demo "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}" = VAIO Long Battery Life Wallpaper "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C183A21C-395A-490F-99D4-CCAB35E32859}" = "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD1513FC-273F-4744-8934-A6E5B1741E98}" = Star Wars JK II Jedi Outcast Demo "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo Suite "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for 
Windows by Toshiba "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1F6BB2F-E9A4-4233-BA03-BB62E8AED82A}" = Star Wars Jedi Knight Jedi Academy Demo "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN "AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~B653BC65_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! 
- A Reckless Disregard for Gravity "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Clean Virus MSN_is1" = Clean Virus MSN "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "De_Blob_EN" = De Blob (alleen verwijderen) "Drawn The Painted Tower" = Drawn The Painted Tower (remove only) "DreamMaker" = DreamMaker "Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Sam and Max Episode 104 - Abe Lincoln Must Die! "foobar2000" = foobar2000 v0.9.4.5 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5 "GAME OF LIFE by Hasbro" = GAME OF LIFE by Hasbro (remove only) "GamesBar" = GamesBar 2.0.1.46 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26 "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "James Bond 007: Nightfire Demo" = James Bond 007: Nightfire Demo "jetztspielenob.de Toolbar" = jetztspielenob.de Toolbar "kaltkaltkalt" = kaltkaltkalt Screen Saver "KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Magic Encyclopedia_is1" = Magic Encyclopedia "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Maniac Mansion Deluxe" = Maniac Mansion Deluxe "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla 
Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "OpenAL" = OpenAL "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01 "Peer2Peer-DE Toolbar" = Peer2Peer-DE Toolbar "Picasa2" = Picasa 2 "Poker Superstars III" = Poker Superstars III (remove only) "RealPlayer 12.0" = RealPlayer "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.0 "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.11.2010 19:34:27 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 19:49:49 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 19:53:12 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 20:20:38 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 20:25:30 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 20:26:16 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 20:26:32 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 20.11.2010 20:26:58 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.11.2010 07:49:19 | Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.11.2010 07:49:51 | 
Computer Name = Anwender-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 18.11.2010 07:23:09 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.11.2010 09:39:09 | Computer Name = Anwender-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.11.2010 um 14:37:19 unerwartet heruntergefahren. Error - 18.11.2010 09:40:43 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.11.2010 09:30:05 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.11.2010 10:51:02 | Computer Name = Anwender-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001B7797B193 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 19.11.2010 21:29:41 | Computer Name = Anwender-PC | Source = DCOM | ID = 10010 Description = Error - 20.11.2010 09:57:47 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.11.2010 19:46:47 | Computer Name = Anwender-PC | Source = DCOM | ID = 10010 Description = Error - 20.11.2010 19:50:04 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.11.2010 07:49:34 | Computer Name = Anwender-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
21.11.2010, 15:59 | #2 |
/// Malware-holic |
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
O4 - HKCU..\Run: [ugsoacgsco.exe] C:\ugsoacgsco.exe\ugsoacgsco.exe ()
O4 - HKCU..\Run: [siodfjisod.exe] C:\siodfjisod.exe\siodfjisod.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL. There, right-click on moved files and choose "add to moved files.rar" or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
21.11.2010, 18:40 | #3 |
| okay
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ugsoacgsco.exe deleted successfully.
C:\ugsoacgsco.exe\ugsoacgsco.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\siodfjisod.exe deleted successfully.
C:\siodfjisod.exe\siodfjisod.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Anwender
->Flash cache emptied: 16865 bytes
User: *****
->Flash cache emptied: 521 bytes
User: Default
->Flash cache emptied: 157 bytes
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Anwender
->Temp folder emptied: 41295 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 17197007 bytes
->FireFox cache emptied: 88865685 bytes
->Flash cache emptied: 0 bytes
User: ******
->Temp folder emptied: 42632 bytes
->Temporary Internet Files folder emptied: 435359 bytes
->FireFox cache emptied: 13713888 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38826 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 115,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11212010_182056
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETA43A.tmp not found!
Registry entries deleted on Reboot... |
21.11.2010, 18:44 | #4 |
/// Malware-holic | Do you do online banking / shopping?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
21.11.2010, 18:48 | #5 |
| Online banking no, shopping occasionally on eBay... |
21.11.2010, 19:12 | #6 |
/// Malware-holic | Hi, your system is poorly secured, no updates etc. On top of that you have one of the most dangerous trojans around at the moment. We should therefore reinstall from scratch and secure the system properly from the start. Then it will also be harder in future to slip you a trojan.
__________________ |
21.11.2010, 19:21 | #7 |
| Okay... so that means configuring? (Sorry for the stupid questions, but I really don't know my way around...) How do I secure my system well from the start? |
21.11.2010, 19:25 | #8 |
/// Malware-holic | Well, you'll get the instructions from me. So back up your data and gather all the CDs you need, then tell me whether you have a Windows or a recovery CD. I'll then give you step-by-step instructions. It's relatively easy to do, and you can always ask questions!