Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU-Trojaner erkannt und z. T. gelöscht (https://www.trojaner-board.de/129053-gvu-trojaner-erkannt-z-t-geloescht.html)

wolfk 05.01.2013 00:16
GVU-Trojaner erkannt und z. T. gelöscht
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hi,

es ist schon ein paar Tage her (23.12.), da erwischte mich der GVU-Trojaner wahrscheinlich beim Surfen innerhalb des Programms "The Godfather". Der Laptop-PC wurde gesperrt und gleichzeitig die Kamera aktiviert. Mein erstes
Handeln lief darauf hinaus, dass ich zunächst versuchte, durch einen Neustart
das Problem zu lösen. Ein Fehlschlag. Nach minimaler Normalsequenz bei der
Bildschirmanzeige versperrte mir wieder der GVU-Hinweis mit aktivierter Kamera
jegliche Aktion.

Ich ging nun her und fotografierte den Bildschirm mit meiner Kamera und als
nächstes bedeckte ich das Laptop-Kameraobjektiv mit einem Klebestreifen.
Nun ging ich er und lud von einem anderen PC eine Rescue-Disk von F-Secure
herunter und ließ sie im abgesicherten Modus laufen. Damit erreichte ich den
Zugang zum Bildschirm, allerding kam kurze Zeit später die Nachricht "wgsdgsdgdsgsd.exe Modul nicht gefunden".

Jetzt ging ich davon aus, daß nur ein Teil des "Ungemachs" gelöscht worden
ist. Ich ließ nacheinander meinen Virenscanner von F-Secure laufen mit dem
Ergebnis 2 Trojaner und 1 Exploit und Malwarebyte mit dem Ergebnis 2 Trojaner, 1 Exploit und 1 PUPWireless (s.Protokoll-jpeg). Dies erschütterte
mich so sehr, daß ich noch ein bis zwei andere, u. a. ESET, Programme laufen ließ, um noch mehr zu finden.

Anscheinend jedoch ist die Sache mittlerweile "im Griff". Nur traue ich dem
Braten nicht so recht. Ich bin leider auch nicht der EDV-Experte, der mit den vielen Logs etwas anfangen kann.

Insofern hoffe ich ab hier auch auf Ihre/Eure/Deine Hilfe und bin dafür sehr
dankbar, dass sich jemand meines Problems annimmt.

Schöne Grüße

wolfk

cosinus 05.01.2013 15:49
Hallo und :hallo:

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Zudem versteh ich nicht, warum die Logs von Malwarebytes und das OTL.txt weglässt. Logfiles in Screenshots sind noch schlimmer als die, die in den Anhang gelegt worden.

Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

wolfk 05.01.2013 22:53
Hallo Cosinus,

vielen Dank für Deine Antwort und die Hinweise. Die Weitergabe der Logs habe ich von "DaGuRu vom 12.09.2010", der sagt "Logfiles als Anhang posten" und letztlich auch intuitiv
gemacht, als ich die linke Seite Anlagen versenden sah. Ich gebe zu, ich habe es mir ein
wenig einfach gemacht. Allerdings war auch so viel zu lesen, dass mir der Kopf schwirrte.

Die Logs von Malwarebyte habe ich schlichtweg vergessen zu senden und die OTL.txt
war wegen der Größe nicht als Anlage beizufügen. Dies hätte mir allerdings zu denken
geben sollen.

Nun als Anlage die fehlenden Logs. Bitte sieh mir nach, dass ich mit den Code-Tags nicht
klar komme. Ich habe konventionell gearbeitet.

Vielen Dank für Dein Verständnis.

wolfk

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.10

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Wolfgang :: LAPTOP-PC [Administrator]

03.01.2013 00:37:07
mbam-log-2013-01-03 (00-37-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|J:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 646941
Laufzeit: 12 Stunde(n), 52 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
c:\system volume information\_restore{2c76fb69-9053-4b39-942f-cba82e44f704}\rp102\a0020447.dll.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
N:\Laptop-Dateien\Laufwerk G\Eigene Programme\WirelessNetView 1.37 dt\wirelessnetview137dt\wirelessnetview\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.10

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Wolfgang :: LAPTOP-PC [Administrator]

03.01.2013 00:37:07
mbam-log-2013-01-03 (00-37-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|J:\|N:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 646941
Laufzeit: 12 Stunde(n), 52 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
c:\system volume information\_restore{2c76fb69-9053-4b39-942f-cba82e44f704}\rp102\a0020447.dll.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
N:\Laptop-Dateien\Laufwerk G\Eigene Programme\WirelessNetView 1.37 dt\wirelessnetview137dt\wirelessnetview\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wolfgang :: LAPTOP-PC [Administrator]

03.01.2013 16:03:55
mbam-log-2013-01-03 (16-03-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251057
Laufzeit: 11 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
OTL logfile created on: 04.01.2013 23:13:57 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,83% Memory free
3,85 Gb Paging File | 2,85 Gb Available in Paging File | 74,01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 21,29 Gb Free Space | 43,61% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,18 Gb Free Space | 89,05% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive K: | 14,98 Gb Total Space | 9,46 Gb Free Space | 63,13% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe ()
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\94b864b0f3c08d190baa835e139a9af6\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\f036e7f2d403433ff0ae401164e4d8a8\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\f8968c2a5011f08e10a21ccb1a362602\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\e7c273fee95b3a5e65d6df13dcf75b6c\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\07c49628972389d4124c4f1d10c81fba\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\0c60dc4c236b8686c8cb948836bba188\BoxSync.ni.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0049820f680f609298f91b15f455a86d\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\b5af2249e2d550f2752176a75c7a7656\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\87d1ae5ebf716823e0e0251c9b2464a7\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fm4av.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\Programme\Notepad++\NppShell_05.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (uwryrpow) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\uwryrpow.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope = {AF0B3699-313C-47CE-B187-97C181997C92}
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: g:\programme\mozilla firefox\components [2012.12.02 19:34:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Fotosketcher Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Fotosketcher Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (Fotosketcher Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [fsm]  File not found
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.03.28 04:27:12 | 000,000,143 | ---- | M] () - K:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 23:19:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.04 22:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.04 20:02:54 | 000,357,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:09:02 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.04 18:08:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.04 18:08:40 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.02 21:54:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.21 20:28:19 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.21 20:28:19 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.21 20:28:19 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.21 20:28:18 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.11 23:33:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.11 22:38:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.12.11 22:38:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.07.08 00:46:34 | 000,002,352 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.07 23:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk
[2012.07.22 20:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2012.06.12 21:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\expLauncher
[2012.06.26 20:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2012.06.26 20:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2012.07.22 19:51:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.10.03 14:12:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.12.15 22:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2013.01.04 18:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.22 00:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.07.10 19:33:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.10.10 21:31:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7E365CC2-534E-4C8D-B11C-02B771C3B82B}
[2012.10.10 21:30:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{802DB52C-80D7-4701-8846-73B3AEA244E6}
[2012.09.11 20:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\sony
[2012.12.23 23:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Petra\Anwendungsdaten\Box Desktop
[2012.12.23 23:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Petra\Anwendungsdaten\Box Sync
[2012.10.03 17:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Petra\Anwendungsdaten\Ulead Systems
[2012.11.23 23:08:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Amazon
[2012.12.05 20:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Box Desktop
[2013.01.04 18:11:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Box Sync
[2012.08.22 21:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\calibre
[2012.06.26 20:49:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\EAC
[2012.10.10 21:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Exif Viewer
[2013.01.02 22:16:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.08.01 20:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\inkscape
[2012.07.01 20:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\InterVideo
[2012.10.10 21:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\JPEGsnoop
[2012.07.07 21:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Leadertech
[2012.08.01 20:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\LibreOffice
[2012.11.07 21:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mael
[2012.07.22 19:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MAGIX
[2012.12.20 20:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.10.10 21:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1
[2012.08.01 20:45:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Notepad++
[2012.07.23 19:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Oracle
[2012.06.10 16:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\SanDisk SecureAccess
[2013.01.04 16:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Software Informer
[2012.09.02 21:53:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\sony
[2012.07.31 20:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\STRATO
[2012.06.10 20:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Template
[2012.12.15 22:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2013.01.04 18:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.07.10 19:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

cosinus 06.01.2013 02:17
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

wolfk 06.01.2013 18:52
Hallo Cosinus,

zunächst grundsätzliches. Ich werde künftig nur das tun wozu ich aufgefordert werde,
also keine eigenmächtigen Aktionen. Nur so ist ein erfolgreiches Arbeiten möglich.
Mittlerweile habe ich den Begriff "Code-Tags" auch untergebracht.

Nun zu Punkt 1:

-Download aswMBR.exe und Datei auf Desktop gespeichert
Virenscanner abgstellt
-Start aswMBR.exe als Administrator mit der aktuellen Virendefinition
-Scan finished successfully
-Save Log und speichern des Logs auf dem Desktop.
-Posten der aswMBR.txt in der nächsten Antwort.

Punkt 2

-Download TDSS-Killer auf Desktop (Virenscanner abgestellt)
-Das Tool so eingestellt wie unten im Bild angegeben
-Start Scan geklickt und nach Durchlauf auf den Button Report geklickt
um das Log anzuzeigen. Dieses ist zu posten.

Anbei die Logs.

Vielen Dank für die Hilfe.

wolfk

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 17:17:12
-----------------------------
17:17:12.171    OS Version: Windows 5.1.2600 Service Pack 3
17:17:12.171    Number of processors: 2 586 0xE08
17:17:12.171    ComputerName: LAPTOP-PC  UserName:
17:17:12.437    Initialize success
17:21:52.703    AVAST engine defs: 13010600
17:25:12.406    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:25:12.406    Disk 0 Vendor: WDC_WD5000BEVT-00ZAT0 01.01A01 Size: 476940MB BusType: 3
17:25:12.406    Disk 1  \Device\Harddisk1\DR14 -> \Device\0000008e
17:25:12.406    Disk 1 Vendor: (  Size: 476940MB BusType: 0
17:25:12.421    Disk 0 MBR read successfully
17:25:12.421    Disk 0 MBR scan
17:25:12.453    Disk 0 unknown MBR code
17:25:12.453    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50006 MB offset 63
17:25:12.468    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        49999 MB offset 102414375
17:25:12.484    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        77711 MB offset 204812685
17:25:12.484    Disk 0 Partition - 00    0F Extended LBA            298114 MB offset 363968701
17:25:12.500    Disk 0 Partition 4 00    0B        FAT32 MSWIN4.1    51497 MB offset 363968703
17:25:12.500    Disk 0 Partition - 00    05    Extended            144020 MB offset 469435365
17:25:12.515    Disk 0 Partition 5 00    0B        FAT32            144020 MB offset 469435428
17:25:12.515    Disk 0 Partition - 00    05    Extended            30718 MB offset 869855429
17:25:12.531    Disk 0 Partition 6 00    83        Linux            30718 MB offset 764389376
17:25:12.546    Disk 0 Partition - 00    05    Extended              5122 MB offset 1227719904
17:25:12.562    Disk 0 Partition 7 00    82  Linux swap              5121 MB offset 827301888
17:25:12.562    Disk 0 Partition - 00    05    Extended            19072 MB offset 1301120889
17:25:12.578    Disk 0 Partition 8 00    83        Linux            19072 MB offset 837791744
17:25:12.593    Disk 0 Partition - 00    05    Extended              4768 MB offset 1350672249
17:25:13.625    Disk 0 Partition 9 00    82  Linux swap              4767 MB offset 876853248
17:25:13.625    Disk 0 Partition - 00    05    Extended            14305 MB offset 1399498563
17:25:13.656    Disk 0 Partition 10 00    83        Linux            14304 MB offset 886618112
17:25:13.656    Disk 0 Partition - 00    05    Extended              4767 MB offset 1438561208
17:25:13.687    Disk 0 Partition 11 00    82  Linux swap              4767 MB offset 915914752
17:25:13.687    Disk 0 Partition - 00    05    Extended            19073 MB offset 1477622712
17:25:13.718    Disk 0 Partition 12 00    83        Linux            19072 MB offset 925679616
17:25:13.718    Disk 0 Partition - 00    05    Extended              4769 MB offset 1526447939
17:25:13.750    Disk 0 Partition 13 00    82  Linux swap              4768 MB offset 964741120
17:25:13.781    Disk 0 scanning sectors +974506745
17:25:13.859    Disk 0 scanning C:\WINDOWS\system32\drivers
17:25:24.281    Service scanning
17:25:41.109    Modules scanning
17:25:44.890    Disk 0 trace - called modules:
17:25:44.906    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:25:44.906    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5feab8]
17:25:44.906    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a64f9e8]
17:25:44.906    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a64fd98]
17:25:45.468    AVAST engine scan C:\WINDOWS
17:26:07.625    AVAST engine scan C:\WINDOWS\system32
17:29:02.359    AVAST engine scan C:\WINDOWS\system32\drivers
17:29:17.953    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
17:29:23.250    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:30:26.078    Scan finished successfully
17:32:30.062    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat"
17:32:30.062    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.txt"
Code:
18:01:32.0359 5136  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:01:34.0359 5136  ============================================================
18:01:34.0359 5136  Current date / time: 2013/01/06 18:01:34.0359
18:01:34.0359 5136  SystemInfo:
18:01:34.0359 5136 
18:01:34.0359 5136  OS Version: 5.1.2600 ServicePack: 3.0
18:01:34.0359 5136  Product type: Workstation
18:01:34.0359 5136  ComputerName: LAPTOP-PC
18:01:34.0359 5136  UserName: Wolfgang
18:01:34.0359 5136  Windows directory: C:\WINDOWS
18:01:34.0359 5136  System windows directory: C:\WINDOWS
18:01:34.0359 5136  Processor architecture: Intel x86
18:01:34.0359 5136  Number of processors: 2
18:01:34.0359 5136  Page size: 0x1000
18:01:34.0359 5136  Boot type: Normal boot
18:01:34.0359 5136  ============================================================
18:01:35.0515 5136  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:01:35.0515 5136  Drive \Device\Harddisk2\DR16 - Size: 0x3C1200000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:01:35.0515 5136  Drive \Device\Harddisk3\DR17 - Size: 0x746EC00000 (465.73 Gb), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:01:39.0375 5136  ============================================================
18:01:39.0375 5136  \Device\Harddisk0\DR0:
18:01:39.0375 5136  MBR partitions:
18:01:39.0375 5136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61AB7E8
18:01:39.0375 5136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61AB827, BlocksNum 0x61A7966
18:01:39.0375 5136  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC35318D, BlocksNum 0x97C7E73
18:01:39.0406 5136  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x15B1B8BF, BlocksNum 0x6494B26
18:01:39.0421 5136  \Device\Harddisk0\DR0\Partition5: MBR, Type 0xB, StartLBA 0x1BFB0424, BlocksNum 0x1194A179
18:01:39.0515 5136  \Device\Harddisk2\DR16:
18:01:39.0515 5136  MBR partitions:
18:01:39.0515 5136  \Device\Harddisk2\DR16\Partition1: MBR, Type 0xC, StartLBA 0x2FD0, BlocksNum 0x1E06030
18:01:39.0515 5136  \Device\Harddisk3\DR17:
18:01:39.0515 5136  MBR partitions:
18:01:39.0515 5136  \Device\Harddisk3\DR17\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
18:01:39.0515 5136  ============================================================
18:01:39.0562 5136  C: <-> \Device\Harddisk0\DR0\Partition1
18:01:39.0562 5136  D: <-> \Device\Harddisk0\DR0\Partition5
18:01:39.0625 5136  F: <-> \Device\Harddisk0\DR0\Partition2
18:01:39.0640 5136  G: <-> \Device\Harddisk0\DR0\Partition3
18:01:39.0640 5136  J: <-> \Device\Harddisk0\DR0\Partition4
18:01:39.0734 5136  N: <-> \Device\Harddisk3\DR17\Partition1
18:01:39.0734 5136  ============================================================
18:01:39.0734 5136  Initialize success
18:01:39.0734 5136  ============================================================
18:05:23.0609 4124  ============================================================
18:05:23.0609 4124  Scan started
18:05:23.0609 4124  Mode: Manual; SigCheck; TDLFS;
18:05:23.0609 4124  ============================================================
18:05:24.0671 4124  ================ Scan system memory ========================
18:05:28.0250 4124  System memory - ok
18:05:28.0250 4124  ================ Scan services =============================
18:05:28.0328 4124  Abiosdsk - ok
18:05:28.0343 4124  abp480n5 - ok
18:05:28.0375 4124  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:05:28.0703 4124  ACPI - ok
18:05:28.0765 4124  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:05:28.0890 4124  ACPIEC - ok
18:05:29.0031 4124  [ 2486C8E3F14496341E90CF2AB8BC82ED ] AdobeActiveFileMonitor4.0 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
18:05:29.0046 4124  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
18:05:29.0046 4124  AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
18:05:29.0109 4124  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:05:29.0140 4124  AdobeFlashPlayerUpdateSvc - ok
18:05:29.0140 4124  adpu160m - ok
18:05:29.0156 4124  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
18:05:29.0296 4124  aec - ok
18:05:29.0312 4124  [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:05:29.0328 4124  AegisP ( UnsignedFile.Multi.Generic ) - warning
18:05:29.0328 4124  AegisP - detected UnsignedFile.Multi.Generic (1)
18:05:29.0359 4124  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
18:05:29.0421 4124  AFD - ok
18:05:29.0421 4124  Aha154x - ok
18:05:29.0421 4124  aic78u2 - ok
18:05:29.0437 4124  aic78xx - ok
18:05:29.0468 4124  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
18:05:29.0593 4124  Alerter - ok
18:05:29.0609 4124  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
18:05:29.0734 4124  ALG - ok
18:05:29.0734 4124  AliIde - ok
18:05:29.0734 4124  amsint - ok
18:05:29.0796 4124  [ B21FCBC58CB13BAC70F74B5AC5DA7409 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:05:29.0843 4124  ApfiltrService - ok
18:05:29.0875 4124  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
18:05:30.0000 4124  AppMgmt - ok
18:05:30.0031 4124  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:05:30.0156 4124  Arp1394 - ok
18:05:30.0156 4124  asc - ok
18:05:30.0156 4124  asc3350p - ok
18:05:30.0171 4124  asc3550 - ok
18:05:30.0281 4124  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:05:30.0296 4124  aspnet_state - ok
18:05:30.0312 4124  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:05:30.0453 4124  AsyncMac - ok
18:05:30.0468 4124  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
18:05:30.0593 4124  atapi - ok
18:05:30.0593 4124  Atdisk - ok
18:05:30.0625 4124  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:05:30.0734 4124  Atmarpc - ok
18:05:30.0765 4124  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:05:30.0906 4124  AudioSrv - ok
18:05:30.0921 4124  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
18:05:31.0046 4124  audstub - ok
18:05:31.0093 4124  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:05:31.0218 4124  Beep - ok
18:05:31.0265 4124  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:05:31.0390 4124  BITS - ok
18:05:31.0437 4124  [ B71549F23736ADF83A571061C47777FD ] Browser        C:\WINDOWS\System32\browser.dll
18:05:31.0500 4124  Browser - ok
18:05:31.0531 4124  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
18:05:31.0734 4124  cbidf2k - ok
18:05:31.0765 4124  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:05:31.0890 4124  CCDECODE - ok
18:05:31.0890 4124  cd20xrnt - ok
18:05:31.0921 4124  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
18:05:32.0062 4124  Cdaudio - ok
18:05:32.0093 4124  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:05:32.0234 4124  Cdfs - ok
18:05:32.0250 4124  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:05:32.0390 4124  Cdrom - ok
18:05:32.0390 4124  Changer - ok
18:05:32.0453 4124  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc          C:\WINDOWS\system32\cisvc.exe
18:05:32.0562 4124  CiSvc - ok
18:05:32.0578 4124  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
18:05:32.0750 4124  ClipSrv - ok
18:05:32.0796 4124  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:05:32.0828 4124  clr_optimization_v2.0.50727_32 - ok
18:05:32.0890 4124  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:05:32.0906 4124  clr_optimization_v4.0.30319_32 - ok
18:05:32.0921 4124  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:05:33.0062 4124  CmBatt - ok
18:05:33.0062 4124  CmdIde - ok
18:05:33.0078 4124  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:05:33.0203 4124  Compbatt - ok
18:05:33.0203 4124  COMSysApp - ok
18:05:33.0218 4124  Cpqarray - ok
18:05:33.0234 4124  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:05:33.0359 4124  CryptSvc - ok
18:05:33.0359 4124  dac2w2k - ok
18:05:33.0375 4124  dac960nt - ok
18:05:33.0421 4124  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:05:33.0500 4124  DcomLaunch - ok
18:05:33.0546 4124  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:05:33.0671 4124  Dhcp - ok
18:05:33.0671 4124  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:05:33.0812 4124  Disk - ok
18:05:33.0828 4124  dmadmin - ok
18:05:33.0875 4124  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:05:34.0031 4124  dmboot - ok
18:05:34.0078 4124  [ 526192BF7696F72E29777BF4A180513A ] DMICall        C:\WINDOWS\system32\DRIVERS\DMICall.sys
18:05:34.0218 4124  DMICall - ok
18:05:34.0234 4124  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:05:34.0359 4124  dmio - ok
18:05:34.0390 4124  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:05:34.0515 4124  dmload - ok
18:05:34.0562 4124  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:05:34.0671 4124  dmserver - ok
18:05:34.0703 4124  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:05:34.0812 4124  DMusic - ok
18:05:34.0843 4124  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:05:34.0937 4124  Dnscache - ok
18:05:34.0968 4124  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
18:05:35.0078 4124  Dot3svc - ok
18:05:35.0093 4124  dpti2o - ok
18:05:35.0109 4124  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
18:05:35.0234 4124  drmkaud - ok
18:05:35.0265 4124  [ D57A8FC800B501AC05B10D00F66D127A ] E100B          C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:05:35.0328 4124  E100B - ok
18:05:35.0359 4124  [ 389CF2CDED384BE477C3B3F15747D495 ] e1express      C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:05:35.0390 4124  e1express - ok
18:05:35.0437 4124  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
18:05:35.0562 4124  EapHost - ok
18:05:35.0609 4124  [ 8301243BDE5B6CD316D79C0191D50D9A ] ehRecvr        C:\WINDOWS\eHome\ehRecvr.exe
18:05:35.0640 4124  ehRecvr - ok
18:05:35.0656 4124  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
18:05:35.0781 4124  ERSvc - ok
18:05:35.0890 4124  esihdrv - ok
18:05:35.0921 4124  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
18:05:35.0984 4124  Eventlog - ok
18:05:36.0000 4124  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
18:05:36.0031 4124  EventSystem - ok
18:05:36.0078 4124  [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
18:05:36.0109 4124  EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:05:36.0109 4124  EvtEng - detected UnsignedFile.Multi.Generic (1)
18:05:36.0218 4124  [ C42B0105E09B1ECE2DD75141CF64AFD6 ] F-Secure Filter G:\Eigene Programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys
18:05:36.0312 4124  F-Secure Filter - ok
18:05:36.0343 4124  [ C5D80C3A419BA6BED9AAB9385031A308 ] F-Secure Gatekeeper G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys
18:05:36.0375 4124  F-Secure Gatekeeper - ok
18:05:36.0390 4124  [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] F-Secure Gatekeeper Handler Starter G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe
18:05:36.0421 4124  F-Secure Gatekeeper Handler Starter - ok
18:05:36.0468 4124  [ DC0720248DC4D1F303DF94CCC3ADFF96 ] F-Secure HIPS  G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys
18:05:36.0484 4124  F-Secure HIPS - ok
18:05:36.0484 4124  [ 17B22D1BB6770D8A86573387345C1738 ] F-Secure Recognizer G:\Eigene Programme\F-Secure\Anti-Virus\Win2K\FSrec.sys
18:05:36.0500 4124  F-Secure Recognizer - ok
18:05:36.0531 4124  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
18:05:36.0656 4124  Fastfat - ok
18:05:36.0703 4124  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:05:36.0750 4124  FastUserSwitchingCompatibility - ok
18:05:36.0781 4124  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\drivers\Fdc.sys
18:05:36.0890 4124  Fdc - ok
18:05:36.0921 4124  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:05:37.0046 4124  Fips - ok
18:05:37.0062 4124  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
18:05:37.0187 4124  Flpydisk - ok
18:05:37.0203 4124  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:05:37.0343 4124  FltMgr - ok
18:05:37.0406 4124  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:05:37.0421 4124  FontCache3.0.0.0 - ok
18:05:37.0453 4124  [ 18DA737DD5122A475DA4948ED4643675 ] fsbts          C:\WINDOWS\system32\Drivers\fsbts.sys
18:05:37.0468 4124  fsbts - ok
18:05:37.0531 4124  [ 7CD27E80DFD22F02FBDA47B706ABA0F2 ] FSDFWD          G:\Eigene Programme\F-Secure\FWES\Program\fsdfwd.exe
18:05:37.0578 4124  FSDFWD - ok
18:05:37.0578 4124  [ FE5918F5C839F7BBF74FB91743DD4262 ] FSFW            C:\WINDOWS\system32\drivers\fsdfw.sys
18:05:37.0609 4124  FSFW - ok
18:05:37.0687 4124  [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] FSMA            G:\Eigene Programme\F-Secure\Common\FSMA32.EXE
18:05:37.0718 4124  FSMA - ok
18:05:37.0750 4124  [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient    G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe
18:05:37.0765 4124  FSORSPClient - ok
18:05:37.0812 4124  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:05:37.0937 4124  Fs_Rec - ok
18:05:37.0984 4124  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:05:38.0109 4124  Ftdisk - ok
18:05:38.0140 4124  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:05:38.0265 4124  Gpc - ok
18:05:38.0296 4124  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:05:38.0437 4124  HDAudBus - ok
18:05:38.0468 4124  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:05:38.0609 4124  helpsvc - ok
18:05:38.0609 4124  HidServ - ok
18:05:38.0656 4124  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:05:38.0781 4124  hkmsvc - ok
18:05:38.0796 4124  hpn - ok
18:05:38.0828 4124  [ ACC46DDA7FECE95A253AE88CEA172E12 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:05:38.0875 4124  HSFHWAZL - ok
18:05:38.0906 4124  [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV        C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:05:38.0984 4124  HSF_DPV - ok
18:05:39.0015 4124  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:05:39.0078 4124  HTTP - ok
18:05:39.0109 4124  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:05:39.0234 4124  HTTPFilter - ok
18:05:39.0250 4124  i2omgmt - ok
18:05:39.0250 4124  i2omp - ok
18:05:39.0281 4124  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:05:39.0406 4124  i8042prt - ok
18:05:39.0515 4124  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc          C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:05:39.0593 4124  idsvc - ok
18:05:39.0671 4124  [ A16DEDF58C40D8236578F0FBB520EA6D ] Image Converter video recording monitor for VAIO Entertainment C:\Programme\Sony\Image Converter 2\IcVzMon.exe
18:05:39.0687 4124  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - warning
18:05:39.0687 4124  Image Converter video recording monitor for VAIO Entertainment - detected UnsignedFile.Multi.Generic (1)
18:05:39.0703 4124  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
18:05:39.0828 4124  Imapi - ok
18:05:39.0859 4124  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:05:39.0984 4124  ImapiService - ok
18:05:40.0000 4124  ini910u - ok
18:05:40.0000 4124  IntelIde - ok
18:05:40.0031 4124  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:05:40.0171 4124  intelppm - ok
18:05:40.0218 4124  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
18:05:40.0343 4124  Ip6Fw - ok
18:05:40.0359 4124  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:05:40.0484 4124  IpFilterDriver - ok
18:05:40.0515 4124  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:05:40.0625 4124  IpInIp - ok
18:05:40.0640 4124  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:05:40.0781 4124  IpNat - ok
18:05:40.0812 4124  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:05:40.0937 4124  IPSec - ok
18:05:40.0953 4124  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:05:41.0062 4124  IRENUM - ok
18:05:41.0093 4124  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:05:41.0218 4124  isapnp - ok
18:05:41.0312 4124  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
18:05:41.0343 4124  JavaQuickStarterService - ok
18:05:41.0359 4124  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:05:41.0484 4124  Kbdclass - ok
18:05:41.0515 4124  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:05:41.0640 4124  kmixer - ok
18:05:41.0671 4124  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:05:41.0718 4124  KSecDD - ok
18:05:41.0765 4124  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
18:05:41.0796 4124  lanmanserver - ok
18:05:41.0812 4124  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:05:41.0859 4124  lanmanworkstation - ok
18:05:41.0859 4124  lbrtfdc - ok
18:05:41.0890 4124  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
18:05:42.0015 4124  LmHosts - ok
18:05:42.0046 4124  [ 52404CC76E9D53843BDF97564BB16BED ] McrdSvc        C:\WINDOWS\ehome\mcrdsvc.exe
18:05:42.0078 4124  McrdSvc - ok
18:05:42.0109 4124  [ E246A32C445056996074A397DA56E815 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:05:42.0125 4124  mdmxsdk - ok
18:05:42.0156 4124  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
18:05:42.0281 4124  Messenger - ok
18:05:42.0343 4124  [ DED60230E3019C508769EC3C15BCDA44 ] MHN            C:\WINDOWS\System32\mhn.dll
18:05:42.0359 4124  MHN ( UnsignedFile.Multi.Generic ) - warning
18:05:42.0359 4124  MHN - detected UnsignedFile.Multi.Generic (1)
18:05:42.0375 4124  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:05:42.0390 4124  MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:05:42.0390 4124  MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:05:42.0406 4124  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
18:05:42.0546 4124  mnmdd - ok
18:05:42.0578 4124  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
18:05:42.0718 4124  mnmsrvc - ok
18:05:42.0750 4124  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
18:05:42.0859 4124  Modem - ok
18:05:42.0890 4124  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:05:43.0000 4124  Mouclass - ok
18:05:43.0031 4124  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:05:43.0140 4124  mouhid - ok
18:05:43.0171 4124  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:05:43.0296 4124  MountMgr - ok
18:05:43.0328 4124  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:05:43.0359 4124  MozillaMaintenance - ok
18:05:43.0359 4124  mraid35x - ok
18:05:43.0375 4124  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:05:43.0500 4124  MRxDAV - ok
18:05:43.0531 4124  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:05:43.0609 4124  MRxSmb - ok
18:05:43.0687 4124  [ FB29C32AFA6F1FA887764323F06711D0 ] MSCSPTISRV      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
18:05:43.0703 4124  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:05:43.0703 4124  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:05:43.0718 4124  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
18:05:43.0843 4124  MSDTC - ok
18:05:43.0859 4124  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:05:43.0968 4124  Msfs - ok
18:05:43.0984 4124  MSIServer - ok
18:05:44.0000 4124  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:05:44.0125 4124  MSKSSRV - ok
18:05:44.0156 4124  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:05:44.0265 4124  MSPCLOCK - ok
18:05:44.0296 4124  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
18:05:44.0406 4124  MSPQM - ok
18:05:44.0437 4124  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:05:44.0546 4124  mssmbios - ok
18:05:44.0562 4124  MSSQL$VAIO_VEDB - ok
18:05:44.0609 4124  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
18:05:44.0625 4124  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
18:05:44.0625 4124  MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
18:05:44.0640 4124  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
18:05:44.0765 4124  MSTEE - ok
18:05:44.0796 4124  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
18:05:44.0859 4124  Mup - ok
18:05:44.0890 4124  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:05:45.0015 4124  NABTSFEC - ok
18:05:45.0046 4124  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:05:45.0171 4124  napagent - ok
18:05:45.0250 4124  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Programme\Nero\Update\NASvc.exe
18:05:45.0312 4124  NAUpdate - ok
18:05:45.0312 4124  [ E240F3204E86B7B6CCF266B2A2AD32B4 ] NBVol          C:\WINDOWS\system32\DRIVERS\NBVol.sys
18:05:45.0343 4124  NBVol - ok
18:05:45.0343 4124  [ C0CF3CCCCE3C75F7280C89029AB47866 ] NBVolUp        C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
18:05:45.0359 4124  NBVolUp - ok
18:05:45.0375 4124  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:05:45.0500 4124  NDIS - ok
18:05:45.0531 4124  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:05:45.0656 4124  NdisIP - ok
18:05:45.0687 4124  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:05:45.0734 4124  NdisTapi - ok
18:05:45.0765 4124  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:05:45.0890 4124  Ndisuio - ok
18:05:45.0890 4124  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:05:46.0015 4124  NdisWan - ok
18:05:46.0062 4124  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
18:05:46.0125 4124  NDProxy - ok
18:05:46.0125 4124  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
18:05:46.0265 4124  NetBIOS - ok
18:05:46.0312 4124  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
18:05:46.0453 4124  NetBT - ok
18:05:46.0484 4124  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:05:46.0609 4124  NetDDE - ok
18:05:46.0609 4124  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:05:46.0734 4124  NetDDEdsdm - ok
18:05:46.0750 4124  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:05:46.0875 4124  Netlogon - ok
18:05:46.0890 4124  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
18:05:47.0015 4124  Netman - ok
18:05:47.0046 4124  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:05:47.0062 4124  NetTcpPortSharing - ok
18:05:47.0078 4124  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:05:47.0203 4124  NIC1394 - ok
18:05:47.0234 4124  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
18:05:47.0296 4124  Nla - ok
18:05:47.0312 4124  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:05:47.0421 4124  Npfs - ok
18:05:47.0468 4124  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:05:47.0625 4124  Ntfs - ok
18:05:47.0640 4124  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
18:05:47.0750 4124  NtLmSsp - ok
18:05:47.0796 4124  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
18:05:47.0953 4124  NtmsSvc - ok
18:05:47.0984 4124  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:05:48.0109 4124  Null - ok
18:05:48.0218 4124  [ 16EE81F89C97D15DA2B0DADB594FFC62 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:05:48.0437 4124  nv - ok
18:05:48.0468 4124  [ 33B9A917354CE3090560EB96663771E6 ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
18:05:48.0484 4124  NVSvc - ok
18:05:48.0515 4124  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:05:48.0656 4124  NwlnkFlt - ok
18:05:48.0671 4124  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:05:48.0796 4124  NwlnkFwd - ok
18:05:48.0812 4124  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:05:48.0953 4124  ohci1394 - ok
18:05:48.0984 4124  [ F61E92A1E27044053E124F9F3BE18514 ] PACSPTISVR      C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
18:05:48.0984 4124  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:05:48.0984 4124  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:05:49.0046 4124  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\drivers\Parport.sys
18:05:49.0171 4124  Parport - ok
18:05:49.0171 4124  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
18:05:49.0296 4124  PartMgr - ok
18:05:49.0343 4124  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:05:49.0484 4124  ParVdm - ok
18:05:49.0484 4124  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
18:05:49.0609 4124  PCI - ok
18:05:49.0609 4124  PCIDump - ok
18:05:49.0625 4124  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:05:49.0765 4124  PCIIde - ok
18:05:49.0781 4124  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:05:49.0906 4124  Pcmcia - ok
18:05:49.0921 4124  PDCOMP - ok
18:05:49.0921 4124  PDFRAME - ok
18:05:49.0937 4124  PDRELI - ok
18:05:49.0937 4124  PDRFRAME - ok
18:05:49.0937 4124  perc2 - ok
18:05:49.0953 4124  perc2hib - ok
18:05:49.0984 4124  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
18:05:50.0015 4124  PlugPlay - ok
18:05:50.0031 4124  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
18:05:50.0140 4124  PolicyAgent - ok
18:05:50.0171 4124  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:05:50.0296 4124  PptpMiniport - ok
18:05:50.0312 4124  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:05:50.0421 4124  ProtectedStorage - ok
18:05:50.0437 4124  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:05:50.0546 4124  PSched - ok
18:05:50.0562 4124  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:05:50.0671 4124  Ptilink - ok
18:05:50.0718 4124  [ 1FFD5F718638FBEA6C1EAAD3349D479E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:05:50.0734 4124  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:05:50.0734 4124  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:05:50.0734 4124  ql1080 - ok
18:05:50.0734 4124  Ql10wnt - ok
18:05:50.0750 4124  ql12160 - ok
18:05:50.0750 4124  ql1240 - ok
18:05:50.0765 4124  ql1280 - ok
18:05:50.0796 4124  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:05:50.0921 4124  RasAcd - ok
18:05:50.0953 4124  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
18:05:51.0078 4124  RasAuto - ok
18:05:51.0093 4124  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:05:51.0203 4124  Rasl2tp - ok
18:05:51.0250 4124  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:05:51.0375 4124  RasMan - ok
18:05:51.0375 4124  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:05:51.0500 4124  RasPppoe - ok
18:05:51.0515 4124  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:05:51.0656 4124  Raspti - ok
18:05:51.0656 4124  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:05:51.0796 4124  Rdbss - ok
18:05:51.0812 4124  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:05:51.0937 4124  RDPCDD - ok
18:05:51.0968 4124  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:05:52.0093 4124  rdpdr - ok
18:05:52.0125 4124  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
18:05:52.0156 4124  RDPWD - ok
18:05:52.0187 4124  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
18:05:52.0296 4124  RDSessMgr - ok
18:05:52.0312 4124  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
18:05:52.0437 4124  redbook - ok
18:05:52.0484 4124  [ 1B2857EF12D79A9F9ADBA14B0637CBF8 ] RegSrvc        C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
18:05:52.0484 4124  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:05:52.0484 4124  RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:05:52.0546 4124  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:05:52.0671 4124  RemoteAccess - ok
18:05:52.0703 4124  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:05:52.0828 4124  RemoteRegistry - ok
18:05:52.0843 4124  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:05:52.0968 4124  RpcLocator - ok
18:05:52.0984 4124  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\system32\rpcss.dll
18:05:53.0031 4124  RpcSs - ok
18:05:53.0046 4124  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:05:53.0187 4124  RSVP - ok
18:05:53.0234 4124  [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
18:05:53.0265 4124  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
18:05:53.0265 4124  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
18:05:53.0281 4124  [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:05:53.0281 4124  s24trans ( UnsignedFile.Multi.Generic ) - warning
18:05:53.0281 4124  s24trans - detected UnsignedFile.Multi.Generic (1)
18:05:53.0296 4124  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
18:05:53.0421 4124  SamSs - ok
18:05:53.0421 4124  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:05:53.0578 4124  SCardSvr - ok
18:05:53.0593 4124  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:05:53.0718 4124  Schedule - ok
18:05:53.0750 4124  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:05:53.0875 4124  Secdrv - ok
18:05:53.0890 4124  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:05:54.0015 4124  seclogon - ok
18:05:54.0046 4124  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
18:05:54.0156 4124  SENS - ok
18:05:54.0203 4124  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
18:05:54.0328 4124  Serial - ok
18:05:54.0359 4124  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
18:05:54.0468 4124  Sfloppy - ok
18:05:54.0500 4124  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:05:54.0656 4124  SharedAccess - ok
18:05:54.0671 4124  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:05:54.0687 4124  ShellHWDetection - ok
18:05:54.0718 4124  [ 716A724A447C559F122EA140D636FA48 ] SI3132          C:\WINDOWS\system32\DRIVERS\SI3132.sys
18:05:54.0750 4124  SI3132 - ok
18:05:54.0750 4124  [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
18:05:54.0781 4124  SiFilter - ok
18:05:54.0796 4124  Simbad - ok
18:05:54.0796 4124  [ 62FD549ACF2943F89612A8777295FA57 ] SiRemFil        C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
18:05:54.0828 4124  SiRemFil - ok
18:05:54.0843 4124  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:05:54.0968 4124  SLIP - ok
18:05:55.0000 4124  [ BE6038E0A7D2E2FE69107E41A0265831 ] SNC            C:\WINDOWS\system32\Drivers\SonyNC.sys
18:05:55.0031 4124  SNC - ok
18:05:55.0062 4124  [ B98BE9C307A7F6695203A294276F9CD8 ] SonyImgF        C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
18:05:55.0062 4124  SonyImgF ( UnsignedFile.Multi.Generic ) - warning
18:05:55.0062 4124  SonyImgF - detected UnsignedFile.Multi.Generic (1)
18:05:55.0078 4124  Sparrow - ok
18:05:55.0109 4124  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:05:55.0234 4124  splitter - ok
18:05:55.0265 4124  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
18:05:55.0312 4124  Spooler - ok
18:05:55.0343 4124  [ 6F5FE741900108660DEDCC704B7191CF ] SPTISRV        C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
18:05:55.0359 4124  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:05:55.0359 4124  SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:05:55.0359 4124  SQLAgent$VAIO_VEDB - ok
18:05:55.0375 4124  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:05:55.0500 4124  sr - ok
18:05:55.0515 4124  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
18:05:55.0640 4124  srservice - ok
18:05:55.0687 4124  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
18:05:55.0734 4124  Srv - ok
18:05:55.0750 4124  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
18:05:55.0859 4124  SSDPSRV - ok
18:05:55.0906 4124  [ 1A05BC50D258307C9B96E4E05FDBA3D4 ] SSScsiSV        C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
18:05:55.0906 4124  SSScsiSV ( UnsignedFile.Multi.Generic ) - warning
18:05:55.0906 4124  SSScsiSV - detected UnsignedFile.Multi.Generic (1)
18:05:55.0953 4124  [ BBBC5BF9A5F1FB5D57E91B944D2E51A5 ] STHDA          C:\WINDOWS\system32\drivers\sthda.sys
18:05:56.0046 4124  STHDA - ok
18:05:56.0078 4124  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:05:56.0203 4124  stisvc - ok
18:05:56.0265 4124  [ DD7F11E64E90043B895724DBDC668CD7 ] STRATO HiDrive Service G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
18:05:56.0296 4124  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning
18:05:56.0296 4124  STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1)
18:05:56.0328 4124  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:05:56.0437 4124  streamip - ok
18:05:56.0468 4124  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:05:56.0640 4124  swenum - ok
18:05:56.0671 4124  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:05:56.0796 4124  swmidi - ok
18:05:56.0796 4124  SwPrv - ok
18:05:56.0812 4124  symc810 - ok
18:05:56.0828 4124  symc8xx - ok
18:05:56.0828 4124  sym_hi - ok
18:05:56.0828 4124  sym_u3 - ok
18:05:56.0859 4124  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:05:56.0984 4124  sysaudio - ok
18:05:57.0015 4124  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
18:05:57.0125 4124  SysmonLog - ok
18:05:57.0171 4124  [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901        C:\WINDOWS\system32\DRIVERS\tap0901.sys
18:05:57.0187 4124  tap0901 ( UnsignedFile.Multi.Generic ) - warning
18:05:57.0187 4124  tap0901 - detected UnsignedFile.Multi.Generic (1)
18:05:57.0218 4124  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
18:05:57.0343 4124  TapiSrv - ok
18:05:57.0390 4124  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:05:57.0468 4124  Tcpip - ok
18:05:57.0500 4124  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:05:57.0609 4124  TDPIPE - ok
18:05:57.0640 4124  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
18:05:57.0765 4124  TDTCP - ok
18:05:57.0765 4124  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:05:57.0890 4124  TermDD - ok
18:05:57.0953 4124  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
18:05:58.0093 4124  TermService - ok
18:05:58.0109 4124  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:05:58.0125 4124  Themes - ok
18:05:58.0171 4124  [ 403D3ED8B7F5E5A47E1E51FE5297C640 ] ti21sony        C:\WINDOWS\system32\drivers\ti21sony.sys
18:05:58.0218 4124  ti21sony - ok
18:05:58.0250 4124  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
18:05:58.0390 4124  TlntSvr - ok
18:05:58.0421 4124  [ E362D54FD394999C4178936396664E57 ] toshidpt        C:\WINDOWS\system32\drivers\Toshidpt.sys
18:05:58.0421 4124  toshidpt ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0421 4124  toshidpt - detected UnsignedFile.Multi.Generic (1)
18:05:58.0421 4124  TosIde - ok
18:05:58.0453 4124  [ 6A404454C6133E749BE33892EB6FFA35 ] tosporte        C:\WINDOWS\system32\DRIVERS\tosporte.sys
18:05:58.0468 4124  tosporte ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0468 4124  tosporte - detected UnsignedFile.Multi.Generic (1)
18:05:58.0500 4124  [ E4901804C4D8D613FA3560DE2C2E0261 ] Tosrfbd        C:\WINDOWS\system32\Drivers\tosrfbd.sys
18:05:58.0515 4124  Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0515 4124  Tosrfbd - detected UnsignedFile.Multi.Generic (1)
18:05:58.0531 4124  [ 613E09572F4C5B92CA6BE8BDC4CC5B7D ] Tosrfbnp        C:\WINDOWS\system32\Drivers\tosrfbnp.sys
18:05:58.0562 4124  Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0562 4124  Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
18:05:58.0578 4124  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\WINDOWS\system32\Drivers\tosrfcom.sys
18:05:58.0593 4124  Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0593 4124  Tosrfcom - detected UnsignedFile.Multi.Generic (1)
18:05:58.0609 4124  [ 7726332391D8FCA1A491A17F592FD6B3 ] Tosrfhid        C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
18:05:58.0609 4124  Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0609 4124  Tosrfhid - detected UnsignedFile.Multi.Generic (1)
18:05:58.0625 4124  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
18:05:58.0640 4124  tosrfnds ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0640 4124  tosrfnds - detected UnsignedFile.Multi.Generic (1)
18:05:58.0671 4124  [ 0D86D15CAFF2B3203C785D604EC7C942 ] TosRfSnd        C:\WINDOWS\system32\drivers\TosRfSnd.sys
18:05:58.0687 4124  TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0687 4124  TosRfSnd - detected UnsignedFile.Multi.Generic (1)
18:05:58.0703 4124  [ 7414A6461BC83A22B0AE009ACE3E375B ] Tosrfusb        C:\WINDOWS\system32\Drivers\tosrfusb.sys
18:05:58.0703 4124  Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
18:05:58.0703 4124  Tosrfusb - detected UnsignedFile.Multi.Generic (1)
18:05:58.0750 4124  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:05:58.0875 4124  TrkWks - ok
18:05:58.0921 4124  TwonkyProxy - ok
18:05:58.0921 4124  TwonkyWebDav - ok
18:05:58.0937 4124  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:05:59.0093 4124  Udfs - ok
18:05:59.0093 4124  ultra - ok
18:05:59.0125 4124  [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf          C:\WINDOWS\system32\wdfmgr.exe
18:05:59.0187 4124  UMWdf - ok
18:05:59.0250 4124  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:05:59.0406 4124  Update - ok
18:05:59.0468 4124  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:05:59.0593 4124  upnphost - ok
18:05:59.0609 4124  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
18:05:59.0734 4124  UPS - ok
18:05:59.0765 4124  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:05:59.0890 4124  usbehci - ok
18:05:59.0921 4124  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:06:00.0046 4124  usbhub - ok
18:06:00.0062 4124  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:06:00.0171 4124  USBSTOR - ok
18:06:00.0203 4124  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:06:00.0328 4124  usbuhci - ok
18:06:00.0343 4124  [ F9D550545AFEC1D581D2539F3488C4CD ] usbvm321        C:\WINDOWS\system32\Drivers\usbvm321.sys
18:06:00.0375 4124  usbvm321 - ok
18:06:00.0453 4124  [ EB2066F9D426F91E853D59D51F39F99F ] VAIO Entertainment TV Device Arbitration Service C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:06:00.0468 4124  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0468 4124  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:06:00.0515 4124  [ 2B0EAC2B6E5F1C5E007DABAE101028B0 ] VAIO Event Service C:\Programme\Sony\VAIO Event Service\VESMgr.exe
18:06:00.0531 4124  VAIO Event Service ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0531 4124  VAIO Event Service - detected UnsignedFile.Multi.Generic (1)
18:06:00.0609 4124  [ 6EBAF49A67C492F3E8EE3EE7610B1D2B ] VAIOMediaPlatform-IntegratedServer-AppServer C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
18:06:00.0750 4124  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0750 4124  VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
18:06:00.0781 4124  [ B74A27540B0B7FE393A882B94B0D2188 ] VAIOMediaPlatform-IntegratedServer-HTTP C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
18:06:00.0796 4124  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0796 4124  VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
18:06:00.0812 4124  [ 4914B65DCCF68CB95C2D1303C7264C8C ] VAIOMediaPlatform-IntegratedServer-UPnP C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
18:06:00.0890 4124  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0890 4124  VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
18:06:00.0890 4124  [ 8719BF5EC31DDAAA8372A54A520C9226 ] VAIOMediaPlatform-Mobile-Gateway C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
18:06:00.0906 4124  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - warning
18:06:00.0906 4124  VAIOMediaPlatform-Mobile-Gateway - detected UnsignedFile.Multi.Generic (1)
18:06:00.0968 4124  [ 55A47A048E5FD13977CA47DF39CBA5FF ] VCI            C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
18:06:01.0000 4124  VCI ( UnsignedFile.Multi.Generic ) - warning
18:06:01.0000 4124  VCI - detected UnsignedFile.Multi.Generic (1)
18:06:01.0031 4124  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\WINDOWS\system32\DRIVERS\VClone.sys
18:06:01.0046 4124  VClone ( UnsignedFile.Multi.Generic ) - warning
18:06:01.0046 4124  VClone - detected UnsignedFile.Multi.Generic (1)
18:06:01.0062 4124  Vcsw - ok
18:06:01.0078 4124  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
18:06:01.0203 4124  VgaSave - ok
18:06:01.0218 4124  ViaIde - ok
18:06:01.0234 4124  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
18:06:01.0359 4124  VolSnap - ok
18:06:01.0390 4124  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
18:06:01.0531 4124  VSS - ok
18:06:01.0578 4124  [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent        C:\Programme\Sony\VAIO Update Common\VUAgent.exe
18:06:01.0656 4124  VUAgent - ok
18:06:01.0703 4124  [ 0BD64CCEA7B4BF25CA2FB9BF1444DFD9 ] VzCdbSvc        C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:06:01.0718 4124  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
18:06:01.0718 4124  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
18:06:01.0734 4124  [ E81E8C7DC7EBC6CEDE156EAAD5EF9C8E ] VzFw            C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
18:06:01.0765 4124  VzFw ( UnsignedFile.Multi.Generic ) - warning
18:06:01.0765 4124  VzFw - detected UnsignedFile.Multi.Generic (1)
18:06:01.0781 4124  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time        C:\WINDOWS\system32\w32time.dll
18:06:01.0921 4124  W32Time - ok
18:06:02.0031 4124  [ 73395A19FC86461A151D3C330604E8B3 ] w39n51          C:\WINDOWS\system32\DRIVERS\w39n51.sys
18:06:02.0140 4124  w39n51 - ok
18:06:02.0171 4124  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:06:02.0312 4124  Wanarp - ok
18:06:02.0343 4124  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM        C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:06:02.0359 4124  WDC_SAM - ok
18:06:02.0375 4124  WDICA - ok
18:06:02.0406 4124  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:06:02.0531 4124  wdmaud - ok
18:06:02.0562 4124  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
18:06:02.0703 4124  WebClient - ok
18:06:02.0750 4124  [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:06:02.0796 4124  winachsf - ok
18:06:02.0828 4124  [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
18:06:02.0859 4124  WmdmPmSN - ok
18:06:02.0890 4124  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
18:06:03.0000 4124  Wmi - ok
18:06:03.0078 4124  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:06:03.0187 4124  WmiApSrv - ok
18:06:03.0218 4124  [ BBAEACA1FFA3C86361CF0998474F6C3A ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
18:06:03.0250 4124  WpdUsb - ok
18:06:03.0359 4124  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:06:03.0421 4124  WPFFontCache_v0400 - ok
18:06:03.0453 4124  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:06:03.0578 4124  wscsvc - ok
18:06:03.0609 4124  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:06:03.0718 4124  WSTCODEC - ok
18:06:03.0750 4124  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:06:03.0875 4124  wuauserv - ok
18:06:03.0906 4124  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:06:04.0062 4124  WZCSVC - ok
18:06:04.0109 4124  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
18:06:04.0234 4124  xmlprov - ok
18:06:04.0250 4124  ================ Scan global ===============================
18:06:04.0296 4124  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
18:06:04.0312 4124  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:06:04.0328 4124  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:06:04.0359 4124  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
18:06:04.0359 4124  [Global] - ok
18:06:04.0359 4124  ================ Scan MBR ==================================
18:06:04.0375 4124  [ 33BFCC798679ACEC828D67B744B81251 ] \Device\Harddisk0\DR0
18:06:04.0500 4124  \Device\Harddisk0\DR0 - ok
18:06:04.0500 4124  [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk2\DR16
18:06:04.0718 4124  \Device\Harddisk2\DR16 - ok
18:06:04.0734 4124  [ 4C54042F5B2569C9DDCF173120D730F9 ] \Device\Harddisk3\DR17
18:06:05.0000 4124  \Device\Harddisk3\DR17 - ok
18:06:05.0000 4124  ================ Scan VBR ==================================
18:06:05.0015 4124  [ 16B188DD64B89BA23139398D3B064805 ] \Device\Harddisk0\DR0\Partition1
18:06:05.0015 4124  \Device\Harddisk0\DR0\Partition1 - ok
18:06:05.0046 4124  [ BE564D5973B0B3275892A329FD6C0097 ] \Device\Harddisk0\DR0\Partition2
18:06:05.0046 4124  \Device\Harddisk0\DR0\Partition2 - ok
18:06:05.0062 4124  [ FF7776F777AEAF38BC7CEAA53D2378B6 ] \Device\Harddisk0\DR0\Partition3
18:06:05.0078 4124  \Device\Harddisk0\DR0\Partition3 - ok
18:06:05.0078 4124  [ 14ACD9C837D9EC21874F44F971851219 ] \Device\Harddisk0\DR0\Partition4
18:06:05.0078 4124  \Device\Harddisk0\DR0\Partition4 - ok
18:06:05.0093 4124  [ 97237FC5D073A9AC26E154A8C1511D75 ] \Device\Harddisk0\DR0\Partition5
18:06:05.0093 4124  \Device\Harddisk0\DR0\Partition5 - ok
18:06:05.0093 4124  [ 92DA6B0DCF2B651C17551052A6AD041D ] \Device\Harddisk2\DR16\Partition1
18:06:05.0093 4124  \Device\Harddisk2\DR16\Partition1 - ok
18:06:05.0140 4124  [ E164AB8671C941BE3D308AA6E0E547D4 ] \Device\Harddisk3\DR17\Partition1
18:06:05.0140 4124  \Device\Harddisk3\DR17\Partition1 - ok
18:06:05.0140 4124  ============================================================
18:06:05.0140 4124  Scan finished
18:06:05.0140 4124  ============================================================
18:06:05.0250 4960  Detected object count: 37
18:06:05.0250 4960  Actual detected object count: 37
18:09:12.0234 4960  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0234 4960  AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0234 4960  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0234 4960  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0234 4960  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0234 4960  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0234 4960  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0234 4960  Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0250 4960  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0250 4960  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0265 4960  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0265 4960  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0265 4960  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0265 4960  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0265 4960  SonyImgF ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0265 4960  SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0281 4960  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0281 4960  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0281 4960  SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0281 4960  SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0296 4960  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0296 4960  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0296 4960  tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0296 4960  tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0296 4960  toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0296 4960  toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0296 4960  tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0296 4960  tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0296 4960  Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0296 4960  Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0312 4960  Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0312 4960  Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0328 4960  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0328 4960  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0328 4960  VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0328 4960  VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0328 4960  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0328 4960  VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VAIOMediaPlatform-Mobile-Gateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VClone ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0343 4960  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0343 4960  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:09:12.0359 4960  VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
18:09:12.0359 4960  VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 07.01.2013 21:10
Wie viele Partitionen hast du denn da eingerichtet? :wtf:
Hast du Linux parallel installiert? Warum soo viele Partitionen? :confused:

wolfk 08.01.2013 00:47
Hallo Cosinus,

ich habe den PC mit der neuen Festplatte vor ca. 2 Jahren so eingerichtet, dass ich mehrere Betriebssysteme parallel installieren kann. Ich habe z. Z. Windows XP,
Windows 7 und als Linuxfan Ubuntu, Debian, OpenSuse und Linux Mint parallel
installiert. Es sollte einfach sein, die Programme sollten jederzeit im Zugriff sein.
Die Windows-Systeme belegen die Partition Nr. 1 bis 5 des aswMBR-Logs und
die Linux-Programme die Partition Nr. 6 bis einschließlich Nr. 13

Wie gesagt, die Installationen dienten der "Einfachheit". Heute würde ich mich
sicher auf zwei Linux-Programme beschränken. Es ist ja auch so, dass jedes
Programm gewartet und auf den neuesten Stand gebracht werden muss. Der
Zeitaufwand ist einfach enorm. Zusätzlich kann ich mir vorstellen dass die
Vielzahl der Installationen meine Situation nicht gerade vereinfacht.

Gruß

wolfk

cosinus 08.01.2013 19:42
Achso du hast mehrere Linuxe drauf, ja dann ist das folgerichtig

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

wolfk 08.01.2013 23:23
Hi Cosinus,

wie von Dir beschrieben, habe ich

-ComboFix auf meinen Desktop heruntergeladen
-alle Programme incl. Antivirenprogramm und Browser geschlossen
-ComboFix gestartet und die Warnmeldungen bestätigt
-die Wiederherstellungskonsole installieren lassen und das System
durchsuchen lassen
-Während des Scans vermied ich alle Aktionen
-Anbei nun der Inhalt der ComboFix.txt

Vielen Dank für Deine Bemühungen.

Gruß

wolfk

Code:
ComboFix 13-01-08.01 - Wolfgang 08.01.2013  22:51:35.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Wolfgang\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\setupapi.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-08 bis 2013-01-08  ))))))))))))))))))))))))))))))
.
.
2013-01-08 21:11 . 2013-01-08 21:11        --------        d-----w-        c:\windows\LastGood
2013-01-06 16:32 . 2013-01-06 16:32        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Box Sync
2013-01-06 16:18 . 2013-01-06 16:18        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2013-01-05 22:08 . 2013-01-05 22:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\boost_interprocess
2013-01-03 20:53 . 2013-01-03 20:53        --------        d-----w-        c:\programme\ESET
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2013-01-02 23:30 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-02 21:16 . 2013-01-02 21:16        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\F-Secure
2012-12-22 23:00 . 2012-12-22 23:00        3027        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
2012-12-22 00:54 . 2013-01-03 01:12        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Pictures - GT-P5100
2012-12-21 23:34 . 2012-12-22 00:53        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Ubuntu One
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ubuntuone
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\programme\ubuntuone
2012-12-21 00:26 . 2012-12-21 00:26        --------        d-sh--w-        c:\dokumente und einstellungen\Wolfgang\IECompatCache
2012-12-20 22:59 . 2012-12-20 22:59        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
2012-12-20 20:16 . 2013-01-08 18:36        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
2012-12-20 20:15 . 2013-01-08 21:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\twonkyserver
2012-12-20 20:15 . 2012-12-20 20:15        --------        d-----w-        c:\programme\Twonky
2012-12-20 19:39 . 2012-12-20 19:40        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
2012-12-15 21:17 . 2012-12-15 21:17        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Try2
2012-12-15 21:17 . 2012-12-15 21:17        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Try2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2005-12-12 08:22        290560        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-11 21:38 . 2012-07-12 19:28        697272        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-11 21:38 . 2012-06-27 21:26        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2005-12-12 08:23        1866496        ----a-w-        c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2005-12-12 08:22        375296        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2005-12-12 08:23        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2005-12-12 08:22        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2005-12-12 08:22        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-12-12 08:22        385024        ------w-        c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\programme\Software Informer\softinfo.exe" [2011-10-27 2920517]
"Ubuntu One"="c:\programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-12-11 137408]
"Ubuntu One Icon"="c:\programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-12-11 129728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-29 7335936]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"F-Secure Manager"="g:\eigene programme\F-Secure\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="g:\eigene programme\F-Secure\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"NBAgent"="c:\programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"VAIO Update 5"="c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe" [2012-01-17 1015912]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="g:\programme\PDF24\pdf24.exe" [2012-09-06 162408]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"BoxSyncHelper"="c:\programme\Box Sync\BoxSyncHelper.exe" [2012-12-19 393216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Wolfgang\Startmenü\Programme\Autostart\
Hardcopy.LNK - g:\hardcopy\hardcopy.exe [2012-6-26 3541504]
Twonky 7.1.lnk - c:\programme\Twonky\TwonkyServer\twonkytray.exe [2012-10-22 1135432]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Box Sync.lnk - c:\programme\Box Sync\BoxSync.exe [2012-12-19 8706560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42        73728        ----a-w-        c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Twonky\\TwonkyServer\\twonkystarter.exe"=
"c:\\Programme\\Twonky\\TwonkyServer\\twonkyserver.exe"=
"c:\\Programme\\ubuntuone\\dist\\ubuntuone-syncdaemon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1030:UDP"= 1030:UDP:Beam UDP 1030
"9000:TCP"= 9000:TCP:Beam TCP 9000
"9085:TCP"= 9085:TCP:Beam TCP 9085
"9050:TCP"= 9050:TCP:Beam TCP 9050
"9055:TCP"= 9055:TCP:Beam TCP 9055
"9443:TCP"= 9443:TCP:Beam TCP HTTPS 9443
.
R3 esihdrv;esihdrv;c:\dokume~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys [x]
R3 FSORSPClient;F-Secure ORSP Client;g:\eigene programme\F-Secure\ORSP Client\fsorsp.exe [x]
R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [x]
R3 VUAgent;VUAgent;c:\programme\Sony\VAIO Update Common\VUAgent.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;g:\eigene programme\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;g:\eigene programme\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;g:\eigene programme\F-Secure\HIPS\drivers\fshs.sys [x]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [x]
S2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [x]
S2 STRATO HiDrive Service;STRATO HiDrive Service;g:\programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [x]
S2 TwonkyProxy;TwonkyProxy;c:\programme\Twonky\TwonkyServer\twonkyproxy.exe [x]
S2 TwonkyWebDav;TwonkyWebDav;c:\programme\Twonky\TwonkyServer\twonkywebdav.exe [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;g:\eigene programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SONYCPU
*Deregistered* - SonyCPU
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 21:38]
.
2013-01-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2012-05-04 13:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
LSP: g:\eigene programme\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.kottowski.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-02 20:03; spam@trashmail.net; c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-fsm - (no file)
AddRemove-Wubi - i:\linuxmint\uninstall-wubi.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-08 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\VESWinlogon.dll
g:\eigene programme\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(1132)
g:\eigene programme\F-Secure\FSPS\program\FSLSP.DLL
g:\eigene programme\f-secure\hips\fshook32.dll
.
Zeit der Fertigstellung: 2013-01-08  22:57:52
ComboFix-quarantined-files.txt  2013-01-08 21:57
.
Vor Suchlauf: 8 Verzeichnis(se), 22.455.701.504 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 27.950.784.512 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft WinXP (on Volume 1)" /NOEXECUTE=OPTIN /FASTDETECT
C:\wubildr.mbr = "Linux Mint"
.
- - End Of File - - 87626632478DAC9B8FA3E46960374BC6

cosinus 09.01.2013 10:44
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\dokumente und einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1030:UDP"=-
"9000:TCP"=-
"9085:TCP"=-
"9050:TCP"=-
"9055:TCP"=-
"9443:TCP"=-

Dirlook::
c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

wolfk 09.01.2013 22:45
Hallo Cosinus,

zunächst habe ich

-das Notepad gestartet und den Inhalt der
Codebox in das Notepad Fenster eingefügt.
-Die Datei wurde anschließend als SFScript.txt
auf dem Desktop gespeichert.
-Nun erfolgte das Deaktivieren des Antivirenprogramms
und der Software-Firewall.
-Dann habe ich die SFScript.txt auf die cofi.exe gezogen
(wie im Bild beschrieben). Damit wurde Combofix neu
gestartet.
-Nach dem Neustart ist die LogDatei Combofix.txt zu posten
(anbei).

Weiterhin habe ich eine ganz andere Frage. Hat das Trojaner-Board
auch eine offizielle Bankverbindung? "Paypal" ist nicht meine Welt.
Die Frage hat sich schon erledigt, ich habe die Veröffentlichung
gesehen.

Wie immer vielen Dank für das Geleistete und das Verständnis

wolfk

Code:
ComboFix 13-01-08.01 - Wolfgang 09.01.2013  21:50:26.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1064 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Wolfgang\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Wolfgang\Desktop\CFScript.txt
AV: F-Secure Internet Security 2009 10.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2009 10.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\dokumente und einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\setupapi.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 20:31 . 2013-01-09 20:31        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
2013-01-06 16:32 . 2013-01-06 16:32        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Box Sync
2013-01-06 16:18 . 2013-01-06 16:18        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2013-01-05 22:08 . 2013-01-05 22:18        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\boost_interprocess
2013-01-03 20:53 . 2013-01-03 20:53        --------        d-----w-        c:\programme\ESET
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2013-01-02 23:30 . 2013-01-02 23:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2013-01-02 23:30 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-02 21:16 . 2013-01-02 21:16        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\F-Secure
2012-12-22 23:00 . 2012-12-22 23:00        3027        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
2012-12-22 00:54 . 2013-01-03 01:12        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Pictures - GT-P5100
2012-12-21 23:34 . 2012-12-22 00:53        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Ubuntu One
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ubuntuone
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
2012-12-21 23:34 . 2012-12-21 23:34        --------        d-----w-        c:\programme\ubuntuone
2012-12-21 00:26 . 2012-12-21 00:26        --------        d-sh--w-        c:\dokumente und einstellungen\Wolfgang\IECompatCache
2012-12-20 22:59 . 2012-12-20 22:59        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
2012-12-20 20:16 . 2013-01-09 20:27        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
2012-12-20 20:15 . 2013-01-09 20:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\twonkyserver
2012-12-20 20:15 . 2012-12-20 20:15        --------        d-----w-        c:\programme\Twonky
2012-12-20 19:39 . 2012-12-20 19:40        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
2012-12-18 14:28 . 2012-12-18 14:28        186584        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
2012-12-15 21:17 . 2012-12-15 21:17        --------        d-----w-        c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Try2
2012-12-15 21:17 . 2012-12-15 21:17        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Try2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 20:39 . 2012-07-12 19:28        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:39 . 2012-06-27 21:26        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2005-12-12 08:22        290560        ----a-w-        c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2005-12-12 08:23        1866496        ----a-w-        c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 15:07        1371648        ----a-w-        c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2005-12-12 08:22        375296        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2005-12-12 08:23        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2005-12-12 08:22        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2005-12-12 08:22        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-12-12 08:22        385024        ------w-        c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg ----
.
2013-01-09 20:28 . 2013-01-09 20:28        36        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357670229614244.inactive.tritcask-v1.data.hint
2013-01-08 22:28 . 2013-01-09 20:28        884        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357684137340935.live.tritcask-v1.data
2013-01-08 22:28 . 2013-01-08 22:28        36        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357597577852017.inactive.tritcask-v1.data.hint
2013-01-08 18:37 . 2013-01-08 21:00        884        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357670229614244.inactive.tritcask-v1.data
2013-01-07 22:54 . 2013-01-07 22:54        36        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357423349271404.inactive.tritcask-v1.data.hint
2013-01-07 22:26 . 2013-01-07 22:56        884        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357597577852017.inactive.tritcask-v1.data
2013-01-07 22:26 . 2013-01-07 22:26        216        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357319403553521.inactive.tritcask-v1.data.hint
2013-01-05 22:02 . 2013-01-07 01:22        1768        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357423349271404.inactive.tritcask-v1.data
2013-01-04 17:10 . 2013-01-05 19:51        8320        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357319403553521.inactive.tritcask-v1.data
2013-01-04 17:10 . 2013-01-04 17:10        3816        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357319402607138.inactive.tritcask-v1.data.hint
2013-01-04 17:10 . 2013-01-04 17:10        41095        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\tritcask\1357319402607138.inactive.tritcask-v1.data
2012-12-22 00:52 . 2013-01-09 20:51        1001        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\status.log
2012-12-22 00:52 . 2012-12-22 18:08        27578        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\status.log.2012-12-22_19-08-35
2012-12-22 00:52 . 2012-12-23 22:22        154        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\status.log.2012-12-23_23-22-36
2012-12-22 00:52 . 2013-01-05 01:23        25943        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\status.log.2013-01-04_17-23-52
2012-12-22 00:52 . 2013-01-06 15:41        539        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\status.log.2013-01-05_20-51-07
2012-12-21 23:46 . 2013-01-09 20:28        0        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log
2012-12-21 23:46 . 2013-01-06 15:41        602        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log.2013-01-06_16-41-46
2012-12-21 23:46 . 2013-01-07 22:26        0        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log.2013-01-07_23-26-17
2012-12-21 23:46 . 2013-01-07 22:54        0        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log.2013-01-07_23-54-51
2012-12-21 23:46 . 2013-01-08 20:59        301        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log.2013-01-08_21-59-39
2012-12-21 23:46 . 2013-01-08 22:28        0        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon-exceptions.log.2013-01-08_23-28-56
2012-12-21 23:34 . 2013-01-09 20:51        60180        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\proxy.log
2012-12-21 23:34 . 2012-12-22 00:54        1048543        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\proxy.log.2012-12-22_00-34-47
2012-12-21 23:34 . 2012-12-23 22:25        247073        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\proxy.log.2012-12-23_23-25-33
2012-12-21 23:34 . 2013-01-05 19:49        996001        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\proxy.log.2013-01-04_17-56-55
2012-12-21 23:34 . 2013-01-06 21:58        73663        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\proxy.log.2013-01-05_22-59-32
2012-12-21 23:34 . 2012-12-21 23:34        1        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\metadata_version
2012-12-21 23:34 . 2012-12-21 23:34        1        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\ubuntuone\syncdaemon\vm\.version
2012-12-21 23:34 . 2013-01-09 20:53        45680        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log
2012-12-21 23:34 . 2013-01-07 22:26        86        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log.2013-01-07_23-26-15
2012-12-21 23:34 . 2013-01-07 22:54        40201        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log.2013-01-07_23-48-38
2012-12-21 23:34 . 2013-01-08 18:37        46121        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log.2013-01-08_02-00-06
2012-12-21 23:34 . 2013-01-08 22:28        71276        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log.2013-01-08_23-23-54
2012-12-21 23:34 . 2013-01-09 20:28        44851        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\syncdaemon.log.2013-01-09_01-05-01
2012-12-21 23:34 . 2013-01-09 20:28        20387        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\credentials.log
2012-12-21 23:34 . 2013-01-09 20:53        151886        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\ubuntuone\log\controlpanel.log
2012-12-21 23:34 . 2012-12-22 00:52        4401        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\sso\sso-client-gui.log
2012-12-21 23:34 . 2013-01-09 20:28        55444        ----a-w-        c:\dokumente und einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg\cache\sso\sso-client.log
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-03-18 08:09        297808        ----a-w-        c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\programme\Software Informer\softinfo.exe" [2011-10-27 2920517]
"Ubuntu One"="c:\programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" [2012-12-11 137408]
"Ubuntu One Icon"="c:\programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe" [2012-12-11 129728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-29 7335936]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2004-11-17 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"F-Secure Manager"="g:\eigene programme\F-Secure\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="g:\eigene programme\F-Secure\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"NBAgent"="c:\programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"VAIO Update 5"="c:\programme\Sony\VAIO Update 5\VAIOUpdt.exe" [2012-01-17 1015912]
"Ulead AutoDetector v2"="c:\programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="g:\programme\PDF24\pdf24.exe" [2012-09-06 162408]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"BoxSyncHelper"="c:\programme\Box Sync\BoxSyncHelper.exe" [2012-12-19 393216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Wolfgang\Startmenü\Programme\Autostart\
Hardcopy.LNK - g:\hardcopy\hardcopy.exe [2012-6-26 3541504]
Twonky 7.1.lnk - c:\programme\Twonky\TwonkyServer\twonkytray.exe [2012-10-22 1135432]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Box Sync.lnk - c:\programme\Box Sync\BoxSync.exe [2012-12-19 8706560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42        73728        ----a-w-        c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Twonky\\TwonkyServer\\twonkystarter.exe"=
"c:\\Programme\\Twonky\\TwonkyServer\\twonkyserver.exe"=
"c:\\Programme\\ubuntuone\\dist\\ubuntuone-syncdaemon.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [26.06.2012 20:09 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [26.06.2012 20:09 81864]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [27.06.2012 22:26 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [27.06.2012 22:26 12464]
R1 F-Secure HIPS;F-Secure HIPS Driver;g:\eigene programme\F-Secure\HIPS\drivers\fshs.sys [26.06.2012 20:08 69928]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NAUpdate;@c:\programme\Nero\Update\NASvc.exe,-200;c:\programme\Nero\Update\NASvc.exe [23.09.2011 17:37 641832]
R2 STRATO HiDrive Service;STRATO HiDrive Service;g:\programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [15.11.2011 00:49 32768]
R2 TwonkyProxy;TwonkyProxy;c:\programme\Twonky\TwonkyServer\twonkyproxy.exe -start --> c:\programme\Twonky\TwonkyServer\twonkyproxy.exe -start [?]
R2 TwonkyWebDav;TwonkyWebDav;c:\programme\Twonky\TwonkyServer\twonkywebdav.exe -start --> c:\programme\Twonky\TwonkyServer\twonkywebdav.exe -start [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;g:\eigene programme\F-Secure\Anti-Virus\minifilter\fsgk.sys [26.06.2012 20:08 144952]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12.12.2005 09:24 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12.12.2005 09:24 217472]
R3 VUAgent;VUAgent;c:\programme\Sony\VAIO Update Common\VUAgent.exe [13.01.2012 09:53 939624]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [09.06.2012 21:58 11520]
S3 esihdrv;esihdrv;\??\c:\dokume~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys --> c:\dokume~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;g:\eigene programme\F-Secure\ORSP Client\fsorsp.exe [26.06.2012 20:08 61088]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programme\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 F-Secure Filter;F-Secure File System Filter;g:\eigene programme\F-Secure\Anti-Virus\win2k\fsfilter.sys [26.06.2012 20:08 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;g:\eigene programme\F-Secure\Anti-Virus\win2k\fsrec.sys [26.06.2012 20:08 27048]
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 20:39]
.
2013-01-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2012-05-04 13:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
LSP: g:\eigene programme\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.kottowski.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-02 20:03; spam@trashmail.net; c:\dokumente und einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-09 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\VESWinlogon.dll
g:\eigene programme\f-secure\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(1124)
g:\eigene programme\F-Secure\FSPS\program\FSLSP.DLL
g:\eigene programme\f-secure\hips\fshook32.dll
.
Zeit der Fertigstellung: 2013-01-09  21:58:13
ComboFix-quarantined-files.txt  2013-01-09 20:58
ComboFix2.txt  2013-01-08 21:57
.
Vor Suchlauf: 9 Verzeichnis(se), 27.335.028.736 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 27.373.719.552 Bytes frei
.
- - End Of File - - E93629B086EFB4B515D423BF6D9B2473

cosinus 10.01.2013 00:28
Malwarebytes Anti-Rootkit http://img.trojaner-board.de/malware...otkit/logo.png

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

wolfk 10.01.2013 01:38
Hallo Cosinus,

ich habe

-den Download von Malwarenbytes Anti-Rootkit
und die Speicherung auf dem Desktop vorgenommen.
-Das Archiv wurde entpackt und in dem neu
erstellten Ordner die mbar.exe gestartet.
-Den Anweisungen auf dem Bildschirm folgend,
habe ich dem Tool erlaubt, upzudaten und
anschließend mein System zu scannen.
-Der Scan wurde beendet mit dem Hinweis, daß
keine Malware gefunden wurde. Insofern ist
auch kein Neustart programmseitig erforderlich
geworden.

-Anbei das vom Tool erstellte Logfile
( mbar-log-<Jahr-Monat-Tag>.txt ).
-Es wurde keine andere Datei in dem Ordner
gestartet.

Vielen Dank

wolfk

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.09.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wolfgang :: LAPTOP-PC [administrator]

10.01.2013 01:23:36
mbar-log-2013-01-10 (01-23-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27562
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 10.01.2013 11:41
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

wolfk 10.01.2013 22:25
Hallo Cosinus,

habe mir den

-AdwCleaner auf den Desktop geladen
(alte adwcleaner.exe wurde gelöscht).
-AdwCleaner.exe mit Doppelklick gestartet
und auf "Suche" geklickt.
-Die sich öffnende Textdatei ist mit der
nächsten Antwort zu posten (anbei)

Herzlichen Dank für Deine Mühen

wolfk

Code:
# AdwCleaner v2.105 - Datei am 10/01/2013 um 21:49:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gefunden : C:\Programme\Ask.com
Ordner Gefunden : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\Software\Description
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6043 octets] - [10/01/2013 21:49:37]

########## EOF - C:\AdwCleaner[R2].txt - [6103 octets] ##########

cosinus 11.01.2013 00:04
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

wolfk 11.01.2013 01:06
Hallo Cosinus,

zunächst habe ich

-alle offenen Programme und Browser geschlossen um dann
-die adwcleaner.exe mit einem Doppelklick zu starten.
-Anschließend habe ich den "Löschen"-Knopf betätigt und
die folgenden Fragen mit "OK" beantwortet.
-Der Rechner wurde neu gestartet und es öffnete sich
eine Textdatei, deren Inhalt ich nun poste (anbei).

Danach die Kontrolle mit OTL

-Doppelklick auf die OTL.exe und mittig den Haken bei
scanne alle Benutzer setzen.
-Minimalen Output und Use SafeList wählen.
-Auf Run Scan links oben klicken.
-Wenn der Scan beendet ist, sind die beiden Logfiles,
die erstellt wurden in CODE-Tags in den Thread zu posten.
(Anbei)

Vielen Dank für Hilfen, Hinweise und Vorgehensweisen.

wolfk

Code:
# AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ##########
Code:
OTL logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes
 Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4.
 
Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-10  19:35:36+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE
UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP.
   
 
Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2013-01-10  19:37:55+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE.
   
 
Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description =
 
Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description =
 
Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-11  00:50:26+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe.
    Infection: Trojan.Generic.8544936    Action: The file was quarantined.   
 
[ System Events ]
Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

wolfk 11.01.2013 01:08
Hallo Cosinus,

zunächst habe ich

-alle offenen Programme und Browser geschlossen um dann
-die adwcleaner.exe mit einem Doppelklick zu starten.
-Anschließend habe ich den "Löschen"-Knopf betätigt und
die folgenden Fragen mit "OK" beantwortet.
-Der Rechner wurde neu gestartet und es öffnete sich
eine Textdatei, deren Inhalt ich nun poste (anbei).

Danach die Kontrolle mit OTL

-Doppelklick auf die OTL.exe und mittig den Haken bei
scanne alle Benutzer setzen.
-Minimalen Output und Use SafeList wählen.
-Auf Run Scan links oben klicken.
-Wenn der Scan beendet ist, sind die beiden Logfiles,
die erstellt wurden in CODE-Tags in den Thread zu posten.
(Anbei)

Unter Heute 00.50 meldet mein Antivirenprogramm
"Trojan.Generic.8544936" entfernt.

Vielen Dank für Hilfen, Hinweise und Vorgehensweisen.

wolfk

Code:
# AdwCleaner v2.105 - Datei am 11/01/2013 um 00:14:37 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gelöscht : C:\Programme\Ask.com
Ordner Gelöscht : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=100000013&gct=hp --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[S2].txt - [6141 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[S2].txt - [6201 octets] ##########
Code:
OTL logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[2012.12.17 00:56:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Try2
[2012.12.15 22:17:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Try2
[2012.12.15 22:15:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\rondomedia
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.11 00:17:24 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.11 00:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.11 00:17:04 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 21:33:42 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:12:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.15 22:15:51 | 000,000,926 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 21:33:45 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 20:02:56 | 000,357,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 00:00:41 | 000,003,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.12.17 00:56:12 | 000,000,603 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2012.12.15 22:15:51 | 000,000,926 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 11.01.2013 00:41:23 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 56,91% Memory free
3,85 Gb Paging File | 2,99 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,70 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,16 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,84 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,27 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 14:35:55 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsm32.exe, Version 8.10.30091.0, fehlgeschlagenes
 Modul gdiplus.dll, Version 5.2.6002.22791, Fehleradresse 0x000445f4.
 
Error - 10.01.2013 14:35:58 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-10  19:35:36+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME13\DOKUMENTE
UND EINSTELLUNGEN\WOLFGANG\ANWENDUNGSDATEN\SOFTWARE INFORMER\CACHE\ICONS\SIC4.TMP.
   
 
Error - 10.01.2013 14:37:55 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 2  2013-01-10  19:37:55+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  An error occurred while scanning \DEVICE\HARDDISKVOLUME13\PROGRAMME\SONY\WLANSET\WLANSET.EXE.
   
 
Error - 10.01.2013 14:38:54 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:38:56 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:38:57 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description =
 
Error - 10.01.2013 14:52:55 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 10.01.2013 14:52:58 | Computer Name = LAPTOP-PC | Source = NativeWrapper | ID = 5000
Description =
 
Error - 10.01.2013 19:50:27 | Computer Name = LAPTOP-PC | Source = F-Secure Anti-Virus | ID = 103
Description = 1  2013-01-11  00:50:26+02:00  LAPTOP-PC  LAPTOP-PC\Wolfgang  F-Secure
 Anti-Virus  Malicious code found in file C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe.
    Infection: Trojan.Generic.8544936    Action: The file was quarantined.   
 
[ System Events ]
Error - 10.01.2013 16:54:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:25:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 17:55:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:26:06 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 18:56:36 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:18:41 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:20:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:21:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:23:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.01.2013 19:24:42 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

wolfk 15.01.2013 15:23
Erinnerung an meinen Thread

Hallo Cosinus,

ich hoffe, die Freizeit war angenehm. Nun geht es sicher wie immer mit voller Kraft
weiter.

Gruß

Wolfk

cosinus 15.01.2013 16:44
Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

wolfk 15.01.2013 18:20
Hallo Cosinus,

habe die alte adwcleaner gelöscht und die Datei noch einmal neu heruntergeladen
und auf "Suche" geklickt. Anbei die entstandene Logdatei.

Ich habe per Zufall eine Removal.log-Editor-Datei meines Virenwächters gefunden.
Sie wird ebenfalls gepostet.

Vielen Dank für Deine Bemühungen und einen guten Start in die Woche.

Wolfk

Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 17:22:16 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [759 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]

########## EOF - C:\AdwCleaner[R3].txt - [878 octets] ##########
Hier die Removal-Log.Editor-Datei

Code:
23.12.2012 00:00:17 Exploit:W32/CVE-2011-3402.A BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" quarantined success
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A file "C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5RLGOV1T\dissolve.culture[1].htm" deleted success reboot
23.12.2012 00:00:17  Exploit:W32/CVE-2011-3402.A END

23.12.2012 16:08:52 Trojan.Generic.KD BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 16:08:53  Trojan.Generic.KD process "3172|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success
23.12.2012 16:08:53  Trojan.Generic.KD process "3908|c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" terminated success
23.12.2012 16:08:54  Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" quarantined success
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" quarantined success
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" quarantined success
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" quarantined success
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed
23.12.2012 16:08:54  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt" deleted success
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt" deleted success
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt" deleted success
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed
23.12.2012 16:08:55  Trojan.Generic.KD registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed
23.12.2012 16:08:55  Trojan.Generic.KD file "c:\dokumente und einstellungen\wolfgang\wgsdgsdgdsgsd.dll" deleted success reboot
23.12.2012 16:08:55  Trojan.Generic.KD END

23.12.2012 16:08:55 Trojan.Generic.KD.815879 BEGIN
;
;Log created by USS version 5.1.18250
;
23.12.2012 16:08:55  Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" quarantined success
23.12.2012 16:08:55  Trojan.Generic.KD.815879 file "C:\DOKUMENTE UND EINSTELLUNGEN\WOLFGANG\WGSDGSDGDSGSD.DLL" deleted failed reboot
23.12.2012 16:08:55  Trojan.Generic.KD.815879 END

03.01.2013 01:17:55 Trojan.Generic.KD.815879 BEGIN
;
;Log created by USS version 5.1.18250
;
03.01.2013 01:17:55  Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" quarantined success
03.01.2013 01:17:55  Trojan.Generic.KD.815879 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP102\A0020447.dll.vir" deleted success
03.01.2013 01:17:55  Trojan.Generic.KD.815879 END

11.01.2013 00:50:26 Trojan.Generic.8544936 BEGIN
;
;Log created by USS version 5.1.18250
;
11.01.2013 00:50:26  Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" quarantined success
11.01.2013 00:50:26  Trojan.Generic.8544936 file "C:\Dokumente und Einstellungen\Wolfgang\Desktop\wd4c1uoj.exe" deleted success
11.01.2013 00:50:26  Trojan.Generic.8544936 END

11.01.2013 04:39:14 Trojan.Generic.8544936 BEGIN
;
;Log created by USS version 5.1.18250
;
11.01.2013 04:39:14  Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" quarantined success
11.01.2013 04:39:14  Trojan.Generic.8544936 file "C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP109\A0024070.exe" deleted success
11.01.2013 04:39:14  Trojan.Generic.8544936 END

12.01.2013 17:14:56 Trojan.Script.480412 BEGIN
;
;Log created by USS version 5.1.18250
;
12.01.2013 17:15:24  Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" quarantined success
12.01.2013 17:15:24  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed
12.01.2013 17:15:24  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" quarantined failed
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" quarantined success
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" quarantined failed
12.01.2013 17:15:25  Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" quarantined success
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Hidden" restored success
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden" restored failed
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path|Debugger" restored success
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1007\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed
12.01.2013 17:15:26  Trojan.Script.480412 registry "HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-500\Software\Microsoft\Internet Explorer\Main|Search Page" deleted failed
12.01.2013 17:15:26  Trojan.Script.480412 file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js" deleted success
12.01.2013 17:15:26  Trojan.Script.480412 END

cosinus 16.01.2013 12:18
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

wolfk 16.01.2013 13:47
Hallo Cosinus,

zuerst habe ich alle offenen Programme und Browser geschlossen und
dann mit einem Doppelklick die adwcleaner.exe gestartet.
Nach einem Klick auf "Löschen" und Bestätigung jeweils mit "OK"
startete der Rechner neu und es öffnete sich die beigefügte
Textdatei.

Danach war eine Kontrolle mit OTL durchzuführen mittels
Doppelklick auf die OTL.exe. Vorab war ein Haken bei
"Scanne alle Benutzer" zu setzen, minimaler Output und
unter Extra Registry "Use Safelist" zu wählen. Der Scan
wurde durch Klick auf Run gestartet. Die nach Beendigung
des Scans erstellten 2 Logfiles sind in CODE-Tags in den
Thread zu posten.

Vielen Dank für Deine Bemühungen

wolfk

Logdatei AdwCleaner[Sx].txt

Code:
# AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]
AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39]

########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ##########
2 Logfiles OTL.exe

Code:
OTL logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ System Events ]
Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

wolfk 16.01.2013 13:51
Hallo Cosinus,

zuerst habe ich alle offenen Programme und Browser geschlossen und
dann mit einem Doppelklick die adwcleaner.exe gestartet.
Nach einem Klick auf "Löschen" und Bestätigung jeweils mit "OK"
startete der Rechner neu und es öffnete sich die beigefügte
Textdatei.

Danach war eine Kontrolle mit OTL durchzuführen mittels
Doppelklick auf die OTL.exe. Vorab war ein Haken bei
"Scanne alle Benutzer" zu setzen, minimaler Output und
unter Extra Registry "Use Safelist" zu wählen. Der Scan
wurde durch Klick auf Run gestartet. Die nach Beendigung
des Scans erstellten 2 Logfiles sind in CODE-Tags in den
Thread zu posten.

Vielen Dank für Deine Bemühungen

wolfk

Logdatei AdwCleaner[Sx].txt

Code:
# AdwCleaner v2.105 - Datei am 16/01/2013 um 13:05:39 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Wolfgang - LAPTOP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Description

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6833 octets] - [04/01/2013 17:52:17]
AdwCleaner[R2].txt - [6172 octets] - [10/01/2013 21:49:37]
AdwCleaner[R3].txt - [946 octets] - [15/01/2013 17:22:16]
AdwCleaner[S2].txt - [6270 octets] - [11/01/2013 00:14:37]
AdwCleaner[S3].txt - [880 octets] - [16/01/2013 13:05:39]

########## EOF - C:\AdwCleaner[S3].txt - [939 octets] ##########
2 Logfiles OTL.exe

Code:
OTL logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.09 21:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 13:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.16 13:08:00 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.16 13:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.16 13:07:37 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 21:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 16.01.2013 13:31:37 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
3,85 Gb Paging File | 2,96 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 25,39 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ System Events ]
Error - 16.01.2013 07:57:17 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 07:58:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:00:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:01:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:03:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:09:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:10:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:12:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:13:32 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 08:15:02 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

cosinus 16.01.2013 15:52

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
MOD - C:\Programme\vShare\vshare_toolbar.dll ()
MOD - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
SRV - (Winmgmt) -- C:\Users\User\wgsdgsdgdsgsd.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com.anonymize-me.de/?anonymto=687474703A2F2F7673686172652E746F6F6C626172686F6D652E636F6D2F7365617263682E617370783F713D7B7365617263685465726D737D26737263683D647370&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E73656172636871752E636F6D2F7765623F7372633D6965622673797374656D69643D34303626713D7B7365617263685465726D737D&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
[2012.05.03 19:12:04 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com
[2012.02.15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1003\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C64BF02A
:Files
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Programme\Windows iLivid Toolbar
C:\ProgramData\dsgsdgdsgdsgw.js
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

wolfk 16.01.2013 17:37
Hallo Cosinus,

habe die OTL.exe gestartet und den Inhalt aus der Codebox
in OTL in die Benutzerdefinierte Scans/Fixes Textbox kopiert.
Benutzernamen waren nicht zu ändern. Der Fix Button wurde
angeklickt, nach dem alle Programme und Fenster geschlossen
waren.

Nach erfolgtem Neustart befand sich das folgende Log auf dem
Desktop (anbei).

Vielen Dank für Deine enorm umfangreiche Arbeit.

wolfk

Code:
All processes killed
========== OTL ==========
Error: Unable to stop service Winmgmt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt deleted successfully.
File  C:\Users\User\wgsdgsdgdsgsd.exe File not found not found.
Error: No service named SDWSCService was found to stop!
Service\Driver key SDWSCService not found.
File  C:\Program Files\Spybot File not found not found.
Error: No service named SDUpdateService was found to stop!
Service\Driver key SDUpdateService not found.
File  C:\Program Files\Spybot File not found not found.
Error: No service named SDScannerService was found to stop!
Service\Driver key SDScannerService not found.
File  C:\Program Files\Spybot File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C241842D-C18B-4927-962C-6E030D14110B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1969390-1B2E-4274-8C03-3CA34A894085}\ not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}\ not found.
Prefs.js: software%40loadtubes.com:1.01 removed from extensions.enabledAddons
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions\software@loadtubes.com\ not found.
File C:\Program Files\mozilla firefox\plugins\npmieze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows iLivid Toolbar\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\User\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_USERS\S-1-5-21-3015292610-3859147213-2815788766-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}\ not found.
File C:\Programme\vShare.tv plugin\BarLcher.dll not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ not found.
Unable to delete ADS C:\ProgramData\TEMP:C64BF02A .
========== FILES ==========
File\Folder C:\ProgramData\dsgsdgdsgdsgw.pad not found.
File\Folder C:\Programme\Windows iLivid Toolbar not found.
File\Folder C:\ProgramData\dsgsdgdsgdsgw.js not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 302 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56806 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 492 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Petra
->Temp folder emptied: 1569483009 bytes
->Temporary Internet Files folder emptied: 851111 bytes
->FireFox cache emptied: 447710438 bytes
->Flash cache emptied: 3624 bytes
 
User: Wolfgang
->Temp folder emptied: 5181326 bytes
->Temporary Internet Files folder emptied: 909314 bytes
->FireFox cache emptied: 140551316 bytes
->Flash cache emptied: 188341 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3914951 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.068,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01162013_172201

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 17.01.2013 09:33
Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

wolfk 17.01.2013 14:00
Hallo Cosinus,

hier nun die Kontrolle mit OTL:

Gestartet wurde mit Doppelklick auf die OTL.exe., vorab war mittig
der Haken bei "Scanne alle Benutzer" zu setzen. Ferner war minimaler
Output und unter "Extra Registry" "Use SafeList" zu wählen. Das
Programm startete, in dem links oben auf "Run Scan" geklickt wurde.

Die nach Programmbeendigung erstellten 2 Logfiles sind in CODE-TAGS
in den Thread zu posten (anbei).

Vielen Dank für Deine Bemühungen.

wolfk

Code:
OTL logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

wolfk 17.01.2013 14:02
Hallo Cosinus,

hier nun die Kontrolle mit OTL:

Gestartet wurde mit Doppelklick auf die OTL.exe., vorab war mittig
der Haken bei "Scanne alle Benutzer" zu setzen. Ferner war minimaler
Output und unter "Extra Registry" "Use SafeList" zu wählen. Das
Programm startete, in dem links oben auf "Run Scan" geklickt wurde.

Die nach Programmbeendigung erstellten 2 Logfiles sind in CODE-TAGS
in den Thread zu posten (anbei).

Vielen Dank für Deine Bemühungen.

wolfk

Code:
OTL logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Programme\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - G:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - G:\Programme\mozilla firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - G:\Programme\Notepad++\plugins\NppFTP.dll ()
MOD - G:\Programme\Notepad++\plugins\NppExport.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\strres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\gres.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\about.dll ()
MOD - G:\Eigene Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\fsavhres.eng ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.16 17:25:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.17 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.17 13:29:59 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.17 13:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.17 13:29:34 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 17:25:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:40 | 000,000,000 | ---- | M] () -- C:\1.htm
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.06 17:32:30 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:57:05 | 000,000,000 | ---- | C] () -- C:\1.htm
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 17.01.2013 13:49:18 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,08% Memory free
3,85 Gb Paging File | 2,93 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,39 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,82 Gb Free Space | 90,68% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 16.01.2013 16:08:24 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 16:38:55 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:09:25 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 17:38:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.01.2013 18:03:42 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 17.01.2013 08:31:12 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:32:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:34:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:35:43 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 08:37:13 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

cosinus 17.01.2013 16:09

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FKR&o=100000013&src=crm&q={searchTerms}&locale=&apn_ptnrs=2T&apn_dtid=YYYYYYYYDE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
[2012.10.24 21:55:03 | 000,000,000 | ---D | M] (Fotosketcher Toolbar) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com
[2012.10.24 21:55:04 | 000,002,331 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
:Files
C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat
C:\1.htm
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

wolfk 17.01.2013 18:43
Hallo Cosinus,

die OTL.exe wurder neu gestartet und der Inhalt aus der Codebox in
die "Benutzerdefinierte Scans/Fixes"-Box kopiert. Änderungen, wie
z. B. Benutzernamen waren nicht vorzunehmen, da im Vorfeld nichts
durch "*******" unkenntlich gemacht worden ist.

Anschließend habe ich alle Programme geschlossen und auf den Fix-Button
geklickt.

OTL hat einen Neustart verlangt, den ich zugelassen habe. Das nach
dem Neustart auf dem Desktop vorgefundene Textdokument sollte hier
in den Thread kopiert werden (anbei).

Für Deine Arbeit ein herzliches Dankeschön.

wolfk

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0F9E37E5-7094-4B2A-BA63-45728792B28B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F9E37E5-7094-4B2A-BA63-45728792B28B}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FKR&o=100000013&locale=de_DE&apn_uid=20f87da0-8a57-4582-a7cf-f83df4dd67e0&apn_ptnrs=2T&apn_sauid=E6103EC5-827E-45F3-9103-1CA704EF6625&apn_dtid=YYYYYYYYDE&&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Wolfgang\Desktop\MBR.dat moved successfully.
C:\1.htm moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Wolfgang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Petra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Wolfgang
->Temp folder emptied: 926017 bytes
->Temporary Internet Files folder emptied: 36403 bytes
->FireFox cache emptied: 12432896 bytes
->Flash cache emptied: 492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3860527 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 17,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_183350

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_790.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 18.01.2013 11:47
So, nun die hoffentlich letzte Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

wolfk 18.01.2013 13:03
Hallo Cosinus,

ich hatte ja gehofft, dass wir so weit kommen würden. Nur der Aufwand und das
Wissen, das erforderlich ist um zu diesem Ergebnis zu kommen, ist phänomenal.
An dieser Stelle schon einmal ein dickes Dankeschön. Danke auch für die Zeit,
die Du Dir genommen hast und für die Geduld, die zumindest zu Anfang erforderlich
war. Ich bin zu einem verständnisvolleren "Benutzer mit Kenntnissen" gereift und
werde auch künftig dem Trojaner-Board verbunden sein und vor allen Dingen Werbung
machen.

Nun zur heutigen Aufgabenstellung. Den Doppelklick auf die OTL.exe habe ich
vorgenommen und durch einen Klick auf Run Scan links oben das Programm gestartet.
Vorab hatte ich mittig den Haken bei "Scanne alle Benutzer" gesetzt, minimalen
Output gewählt und unter Extra Registry Use Safelist gewählt.

Die nach Beendigung des Scans erstellten 2 Logfiles habe ich in CODE-Tags in den
Thread gepostet (anbei).

Gruß

Wolfk

OTL.Txt-Editor

Code:
OTL logfile created on: 18.01.2013 12:50:12 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,87% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,36 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.17 18:34:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.18 12:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.18 12:24:20 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.18 12:23:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.18 12:23:55 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 18:34:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extra.Txt-Editor

Code:
OTL Extras logfile created on: 18.01.2013 12:50:12 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,87% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,36 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 17.01.2013 18:15:56 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 18:46:26 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 19:16:56 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 19:47:26 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 20:08:01 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 18.01.2013 07:25:22 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:26:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:28:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:29:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:31:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

wolfk 18.01.2013 13:06
Hallo Cosinus, :taenzer:

ich hatte ja gehofft, dass wir so weit kommen würden. Nur der Aufwand und das
Wissen, das erforderlich ist um zu diesem Ergebnis zu kommen, ist phänomenal.
An dieser Stelle schon einmal ein dickes Dankeschön. Danke auch für die Zeit,
die Du Dir genommen hast und für die Geduld, die zumindest zu Anfang erforderlich
war. Ich bin zu einem verständnisvolleren "Benutzer mit Kenntnissen" gereift und
werde auch künftig dem Trojaner-Board verbunden sein und vor allen Dingen Werbung
machen.

Nun zur heutigen Aufgabenstellung. Den Doppelklick auf die OTL.exe habe ich
vorgenommen und durch einen Klick auf Run Scan links oben das Programm gestartet.
Vorab hatte ich mittig den Haken bei "Scanne alle Benutzer" gesetzt, minimalen
Output gewählt und unter Extra Registry Use Safelist gewählt.

Die nach Beendigung des Scans erstellten 2 Logfiles habe ich in CODE-Tags in den
Thread gepostet (anbei).

Gruß

Wolfk

OTL.Txt-Editor

Code:
OTL logfile created on: 18.01.2013 12:50:12 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,87% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,36 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
PRC - C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
PRC - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
PRC - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
PRC - C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\69a33ca4d86dd204a06bebc087d60b26\BoxSyncHelper.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ad7f1ab6eb4d4760d6a44da93a726174\Newtonsoft.Json.Net20.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Python.Runtime\e504461905e60c71e7b15698bca2b340\Python.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\79a6c14accd5a637a81f08525630c90e\ZetaLongPaths.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxUtils\8fcb0e3bc42873044d8bb5ba01a4fd68\BoxUtils.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BoxSync\a3b01b2b9821350be75712b900bf5589\BoxSync.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5f287bf8e66e3b9bfc5562ad7e3c7857\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d8e6b9c70a9456677c5d746fa603013f\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\203f25ba39b45027d2d0c8f849a471db\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\d8f621506aee1c8eb8fdb948d4640dca\System.Data.SqlXml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\ubuntuone\dist\ubuntu-sso-login.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-proxy-tunnel.exe ()
MOD - C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
MOD - C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
MOD - C:\Programme\ubuntuone\dist\zope.interface._zope_interface_coptimizations.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.crypto.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.SSL.pyd ()
MOD - C:\Programme\ubuntuone\dist\OpenSSL.rand.pyd ()
MOD - C:\Programme\ubuntuone\dist\Crypto.Cipher.AES.pyd ()
MOD - C:\Programme\ubuntuone\dist\twisted.python._initgroups.pyd ()
MOD - C:\Programme\Box Sync\_ssl.pyd ()
MOD - C:\Programme\Box Sync\unicodedata.pyd ()
MOD - C:\Programme\Box Sync\sqlite3.dll ()
MOD - C:\Programme\Box Sync\_hashlib.pyd ()
MOD - C:\Programme\Box Sync\pyexpat.pyd ()
MOD - C:\Programme\Box Sync\win32file.pyd ()
MOD - C:\Programme\Box Sync\pywintypes27.dll ()
MOD - C:\Programme\Box Sync\win32security.pyd ()
MOD - C:\Programme\Box Sync\win32api.pyd ()
MOD - C:\Programme\Box Sync\_elementtree.pyd ()
MOD - C:\Programme\Box Sync\_ctypes.pyd ()
MOD - C:\Programme\Box Sync\_sqlite3.pyd ()
MOD - C:\Programme\Box Sync\_socket.pyd ()
MOD - C:\Programme\Box Sync\_testcapi.pyd ()
MOD - C:\Programme\Box Sync\_win32sysloader.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtGui.pyd ()
MOD - C:\Programme\ubuntuone\dist\PyQt4.QtCore.pyd ()
MOD - C:\Programme\ubuntuone\dist\sip.pyd ()
MOD - G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - G:\hardcopy\HcDllS.dll ()
MOD - C:\Programme\ubuntuone\dist\_ssl.pyd ()
MOD - C:\Programme\ubuntuone\dist\_hashlib.pyd ()
MOD - C:\Programme\ubuntuone\dist\_ctypes.pyd ()
MOD - C:\Programme\ubuntuone\dist\select.pyd ()
MOD - C:\Programme\ubuntuone\dist\unicodedata.pyd ()
MOD - C:\Programme\ubuntuone\dist\_socket.pyd ()
MOD - G:\hardcopy\HcDLL2_36_Win32.dll ()
MOD - C:\Programme\ubuntuone\dist\win32com.shell.shell.pyd ()
MOD - C:\Programme\ubuntuone\dist\pythoncom27.dll ()
MOD - C:\Programme\ubuntuone\dist\win32gui.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32api.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32trace.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32security.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32process.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32pipe.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32event.pyd ()
MOD - C:\Programme\ubuntuone\dist\win32file.pyd ()
MOD - C:\Programme\ubuntuone\dist\pywintypes27.dll ()
MOD - G:\hardcopy\hardcopy_04.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - G:\Eigene Programme\F-Secure\Spam Control\fsas.dll ()
MOD - \\?\g:\eigene programme\f-secure\hips\fsumi.dll ()
MOD - g:\Eigene Programme\F-Secure\DAAS2\daas2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\TosCommAPI.dll ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TwonkyProxy) -- C:\Programme\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Programme\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (FSORSPClient) -- G:\Eigene Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (STRATO HiDrive Service) -- G:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe (STRATO)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (FSMA) -- G:\Eigene Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- G:\Eigene Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- G:\Eigene Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCI) -- C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_svc.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (esihdrv) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\esihdrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\catchme.sys File not found
DRV - (F-Secure Gatekeeper) -- G:\Eigene Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\drivers\NBVolUp.sys (Nero AG)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (F-Secure HIPS) -- G:\Eigene Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- G:\Eigene Programme\F-Secure\Anti-Virus\win2k\fsrec.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (SI3132) -- C:\WINDOWS\system32\drivers\SI3132.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/de/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\SearchScopes\{AF0B3699-313C-47CE-B187-97C181997C92}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.kottowski.de"
FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: litmus-ff%40f-secure.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\GEMEIN~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: G:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: G:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: G:\Eigene Programme\F-Secure\NRS\litmus-ff@f-secure.com [2013.01.03 20:18:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: g:\programme\mozilla firefox\components [2013.01.10 20:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: g:\programme\mozilla firefox\plugins
 
[2012.06.10 19:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Extensions
[2012.12.02 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions
[2012.12.02 20:03:37 | 000,217,069 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Mozilla\Firefox\Profiles\jp8vstay.default\extensions\spam@trashmail.net.xpi
[2013.01.03 20:18:32 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="(c) 2007 by F-Secure" em:description="Browsing Protection Toolbar" em:homepageURL="hxxp://www.f-secure.com/" em:iconURL="chrome://litmus-ff/skin/logo.png" em:id="litmus-ff@f-secure.com" em:name="Browsing Protection" em:updateURL="https://10.70.0.25/fireup/update.rdf" em:version="1.10">) -- G:\EIGENE PROGRAMME\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM
 
O1 HOSTS File: ([2013.01.17 18:34:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - G:\Eigene Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Programme\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] G:\Eigene Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] G:\Eigene Programme\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [VAIO Update 5] C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Software Informer] C:\Programme\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One] C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe ()
O4 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006..\Run: [Ubuntu One Icon] C:\Programme\ubuntuone\dist\ubuntuone-control-panel-qt.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk = C:\Programme\Box Sync\BoxSync.exe (Box, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Hardcopy.LNK = G:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk = C:\Programme\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - G:\Eigene Programme\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Lokales Intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2067509887-573568312-3817669188-1006\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D736588D-959B-4DE4-8835-3D3DDD703445}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Sea Wallpaper TrueColor 1280x800.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.12 17:40:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 17:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.10 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.10 01:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011
[2013.01.09 21:40:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Opera
[2013.01.09 21:31:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2013.01.08 22:49:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.08 22:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.08 22:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.08 22:46:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.08 22:46:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.08 22:45:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 22:45:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Verwaltung
[2013.01.08 22:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.08 22:41:04 | 005,019,950 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.06 17:50:24 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:02:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 00:57:18 | 002,841,344 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.04 18:58:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 21:53:20 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.03 00:30:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.03 00:30:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.03 00:30:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.02 22:16:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\F-Secure
[2012.12.22 19:33:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\The GodFather
[2012.12.22 01:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Pictures - GT-P5100
[2012.12.22 00:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Ubuntu One
[2012.12.22 00:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\xdg
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone-storageprotocol
[2012.12.22 00:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ubuntuone
[2012.12.22 00:34:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubuntu One
[2012.12.22 00:34:10 | 000,000,000 | ---D | C] -- C:\Programme\ubuntuone
[2012.12.21 20:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Box Sync
[2012.12.21 01:26:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Wolfgang\IECompatCache
[2012.12.20 23:59:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2012.12.20 23:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Western Digital
[2012.12.20 23:37:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WD Link
[2012.12.20 21:16:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\TwonkyServer
[2012.12.20 21:15:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\twonkyserver
[2012.12.20 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Twonky 7.1
[2012.12.20 21:15:32 | 000,000,000 | ---D | C] -- C:\Programme\Twonky
[2012.12.20 20:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\MioNetApplet
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.18 12:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.18 12:24:20 | 000,041,156 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.01.18 12:23:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.18 12:23:55 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.17 18:34:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013.01.15 17:20:34 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:02:20 | 013,485,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.09 22:39:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.09 22:39:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.09 01:20:56 | 000,532,878 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 01:20:56 | 000,506,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 01:20:56 | 000,108,784 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 01:20:56 | 000,090,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 01:14:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 22:50:01 | 000,000,498 | RHS- | M] () -- C:\boot.ini
[2013.01.08 22:40:54 | 005,019,950 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\ComboFix.exe
[2013.01.07 23:24:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.06 17:50:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\tdsskiller.exe
[2013.01.06 17:03:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\aswMBR.exe
[2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.01.06 00:57:24 | 002,841,344 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\SysInspector.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.04 18:08:40 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.03 16:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\OTL.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 23:39:23 | 000,007,026 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012.12.22 19:40:20 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:52:03 | 000,001,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\My Box Files.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 17:20:35 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\adwcleaner.exe
[2013.01.10 01:01:49 | 013,485,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 22:49:59 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.08 22:46:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.08 22:46:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.08 22:46:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.08 22:46:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.08 22:46:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.05 23:17:40 | 000,000,315 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\F-Secure Health Check.url
[2013.01.04 18:49:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\defogger_reenable
[2013.01.04 18:41:44 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Defogger.exe
[2013.01.03 00:30:32 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.22 19:40:20 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\TheGodFather.lnk
[2012.12.22 00:34:23 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ubuntu One.lnk
[2012.12.21 20:51:21 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Box Sync.lnk
[2012.12.20 23:57:37 | 000,001,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\My Net View.lnk
[2012.12.20 23:37:20 | 000,001,001 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WD Link.lnk
[2012.12.20 21:16:10 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Startmenü\Programme\Autostart\Twonky 7.1.lnk
[2012.12.20 21:15:52 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Desktop\Twonky 7.1.lnk
[2012.11.07 22:23:10 | 000,003,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.10.10 21:11:33 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\ShiftN.ini
[2012.10.01 23:04:30 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1007-0.dat
[2012.07.23 22:16:08 | 013,476,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\ZDFneo-Der_Adler_-_Codename__Sisyphus-120705_adler_sisyphus_neo.asx.asf
[2012.07.22 20:14:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012.07.22 19:51:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2012.07.22 19:46:39 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2012.06.28 15:06:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.06.28 01:39:10 | 000,891,902 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2067509887-573568312-3817669188-1006-0.dat
[2012.06.28 01:39:08 | 000,345,366 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.06.26 21:04:22 | 000,007,026 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.06.26 20:09:31 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2012.06.10 20:11:28 | 000,000,166 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\wklnhst.dat
[2012.06.10 16:58:38 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 16:36:14 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Anwendungsdaten\.backup.dm
[2012.06.09 21:25:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.06.09 21:16:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012.06.09 21:12:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.09 21:05:27 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2005.12.12 17:36:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extra.Txt-Editor

Code:
OTL Extras logfile created on: 18.01.2013 12:50:12 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Wolfgang\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 66,87% Memory free
3,85 Gb Paging File | 3,24 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 27,36 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive D: | 140,58 Gb Total Space | 125,15 Gb Free Space | 89,03% Space Free | Partition Type: FAT32
Drive F: | 48,83 Gb Total Space | 35,30 Gb Free Space | 72,30% Space Free | Partition Type: NTFS
Drive G: | 75,89 Gb Total Space | 68,83 Gb Free Space | 90,70% Space Free | Partition Type: NTFS
Drive J: | 50,27 Gb Total Space | 50,26 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive N: | 465,73 Gb Total Space | 115,08 Gb Free Space | 24,71% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-PC | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- g:\programme\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "G:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "G:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Twonky\TwonkyServer\twonkystarter.exe" = C:\Programme\Twonky\TwonkyServer\twonkystarter.exe:*:Enabled:TwonkyServer -- (PacketVideo)
"C:\Programme\Twonky\TwonkyServer\twonkyserver.exe" = C:\Programme\Twonky\TwonkyServer\twonkyserver.exe:*:Enabled:TwonkyServer -- ()
"C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe" = C:\Programme\ubuntuone\dist\ubuntuone-syncdaemon.exe:*:Enabled:Ubuntu One -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3966711E-1F98-4C9F-AE0B-6AD28137FE64}" = Multiple Image Resizer .NET 4
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E940FC7-90C4-8583-3DCB-A2C86224B726}" = Shrink O’Matic
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{7F9C9908-69E3-4474-A081-256F27995A18}" = My Net View
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.3
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.9.50 x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D010EBB6-6CDB-4360-90ED-743156F3E11F}" = LibreOffice 3.5 Help Pack (German)
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat  7.0 Elements - Deutsch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0AC2E59-2AD8-4D4C-8677-4EFE8F8AFC37}" = Box Sync
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat  7.0 Elements - Deutsch" = Adobe Acrobat  7.0 Elements - Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exif-Viewer" = Exif-Viewer 2.51
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"F-Secure Product 444" = F-Secure Internet Security 2009
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(G__hardcopy)" = Hardcopy (G:\hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch)
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4
"Multiple Image Resizer .NET 4" = Multiple Image Resizer .NET 4
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1
"net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1" = Shrink O’Matic
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.3-05-09-14-01" = OpenMG Limited Patch 4.3-05-10-05-01
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"ShiftN_is1" = ShiftN 3.6.1
"Software Informer_is1" = Software Informer 1.1
"STRATO HiDrive" = STRATO HiDrive (remove only)
"The GodFather" = The GodFather
"Ubuntu One 4.0.0" = Ubuntu One
"UnderCoverXP_is1" = UnderCoverXP 1.23
"VLC media player" = VLC media player 2.0.4
"WD Link" = WD Link
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2067509887-573568312-3817669188-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TwonkyServer" = Twonky 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:55:28 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:22:07 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.07.2012 18:27:20 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 13.0.1.4548, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 23.07.2012 14:08:02 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 31.07.2012 16:08:18 | Computer Name = LAPTOP-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 07.08.2012 15:58:13 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:03:45 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 07.08.2012 16:09:08 | Computer Name = LAPTOP-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung pdf24-Editor.exe, Version 4.6.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 17.01.2013 18:15:56 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 18:46:26 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 19:16:56 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 19:47:26 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 17.01.2013 20:08:01 | Computer Name = LAPTOP-PC | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 18.01.2013 07:25:22 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:26:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:28:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:29:53 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 18.01.2013 07:31:23 | Computer Name = LAPTOP-PC | Source = DCOM | ID = 10010
Description = Der Server "{4B635ECB-0887-4015-8CA6-D621362F98D1}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

cosinus 18.01.2013 13:14
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


wolfk 18.01.2013 21:46
Hallo Cosinus,

zur Kontrolle erst einmal ein Quickscan mit Malwarebytes, vor dem Lauf war das Programm
mit dem Update-Button zu aktualisieren (ist erfolgt).

Da eine zusätzliche Meinung grundsätzlich nicht verkehrt ist, sollte über den
OnlineScanner von ESET ein Ergebnis eingeholt werden.

Im Vorfeld des Scans
-waren vorhandene externe Festplatten und/oder sonstige Wechselmedien an den
PC anzuschließen und
-während des Online-Scans Anti-Virus-Programm und Firewall zu deaktivieren.

Die Software wurde aktiviert

-durch laden und starten des ESET Smartinstallers.
-Vor dem Klick auf Start war bei "Yes, I accept
the Terms of Use" ein Haken zu setzen und
gleichzeitig sicherzustellen, daß bei "Remove
Found Threads" kein Haken gesetzt ist.
-Nun wurden die Signaturen heruntergeladen und
der Scan begann automatisch.
-Zum Abschluß war der Button "Finish" zu drücken.
-Das Programmfenster von ESET war zu schließen und
der Explorer zu öffnen um das Logfile zu suchen
und in den Thread zu posten.
C:\Programme\Eset\EsetOnlineScanner\log.txt,
bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt

Die Deinstallation des Programms geschieht wie folgt:
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset
Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Vielen Dank für Deine Arbeit.

wolfk

Malwarebytes Anti-Malware

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.18.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wolfgang :: LAPTOP-PC [Administrator]

18.01.2013 17:46:22
mbam-log-2013-01-18 (17-46-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250974
Laufzeit: 5 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=05f0cf9418a0b54f9390e4d2a4542dcd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-04 01:00:20
# local_time=2013-01-04 02:00:20 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# scanned=403823
# found=0
# cleaned=0
# scan_time=14585
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=05f0cf9418a0b54f9390e4d2a4542dcd
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-18 08:30:59
# local_time=2013-01-18 09:30:59 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=383463
# found=1
# cleaned=0
# scan_time=10191
C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP103\A0020529.lnk        Win32/Reveton.M trojan        FEEB80863802315AEB78B854EB96B917081C17ED        I
Diese Information gab der ESET-Scanner zusätzlich

Code:
C:\System Volume Information\_restore{2C76FB69-9053-4B39-942F-CBA82E44F704}\RP103\A0020529.lnk        Win32/Reveton.M trojan
Ist das ein neuer/alter Bekannter?

cosinus 20.01.2013 19:13
Das ist nur ein Überrest in der Systemwiederherstellung, kann man fast vergessen. Wenn du unbedingt loswerden und auf Nummer sicher gehen willst:

In System Volume Information sind die Dateien für Wiederherstellungspunkte gespeichert.

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

wolfk 20.01.2013 21:01
Hallo Cosinus,

bin auf "Nummer sicher" gegangen und habe die Systemwiederherstellung deaktiviert.

Vielen Dank für die Information.

Wolfk

cosinus 21.01.2013 08:40
Gut, bitte daran denken sie auch wieder zu aktivieren.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

wolfk 21.01.2013 21:28
Hallo Cosinus,

hinsichtlich der Cookies habe ich die Radikalkur gefahren. Ich habe alle Cookies gelöscht
und den CookieCuller für den FireFox installiert. Hier will ich jeweils bestimmen, welche
Kekse bleiben. Den InternetExplorer habe ich so eingestellt, dass nach Ablauf einer Sitzung
alle Cookies wieder gelöscht werden. Es steht ja noch Chrome zur Auswahl, sodass die Überlegung
angestellt wird, diesen z. B. für das "wilde Surfen" zu nutzen" und anschließend die gesammelten
Cookies hier auch automatisch zu löschen.

Unabhängig davon werde ich mir die Lösung mit MVPS Hosts Files anschauen.

Die Systemwiederherstellung werde ich wieder aktivieren.

Von meiner Seite ist nichts festzustellen, was dem PC Probleme bereiten könnte. Ich hoffe,
aus Deiner Sicht ergibt sich ein ähnliches Bild.

Vielleicht noch etwas persönliches. Mich interessiert die Auswertung von LOGS. So habe ich in
den letzten Tagen/Wochen immer wieder versucht entsprechende Stellen in den veröffentlichten
Unterlagen zu finden. Mit recht gutem Erfolg wenn z. B. der GUV-Trojaner gesucht wurde. Ich
habe nicht vor Dir und Deinen Mitstreitern Konkurrenz zu machen oder Euch ins Handwerk zu
pfuschen. Mir geht es dabei um Wissen und gegebenenfalls Hilfe für die Allgemeinheit. Kannst
Du mir hier helfen?

Vielen Dank für Deine Bemühungen.

wolfk

cosinus 22.01.2013 10:07
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Zitat:
Kannst Du mir hier helfen?
Für sowas haben wir die TB-Akademie siehe => http://www.trojaner-board.de/88896-a...tml#post548085

wolfk 23.01.2013 01:10
Hallo Cosinus,

vielen herzlichen Dank für alle Deine Bemühungen. "Wir sind durch" und es ist so weit, es ist geschafft. :abklatsch:
Das System ist sauber Dank Deiner Hilfe und Deines Sachverstandes. Ich freue mich riesig. :taenzer:

Nun werde ich alle Programme, die hier zum Einsatz kamen, wieder entfernen mit Ausnahme Malwarebytes.
Damit werde ich nach einem Programmupdate einmal im Monat einen Vollscan machen.

Den "SoftwareInformer" habe ich gegen "Secunia PSI" getauscht. Damit werde ich das "update"-Thema etwas
versuchen zu entschärfen.

MicrosoftUpdates sind automatisch voreingestellt, sodaß hier kein wichtiges Update versäumt wird. Dachte ich.
Als ich den InternetExplorer entsprechend konfigurierte, gab es einigen Nachladebedarf. :party:

Zur Sicherheit will ich die Passwörter noch ändern, da ja nicht bekannt ist was ausgespäht worden ist.
Zur Vereinfachung will ich mir das Programm "RoboForm" zulegen.

Als Alternative zum Adobe PDF-Reader habe ich den Foxit PDF Reader installiert, ungeachtet der schlechten
Presse im IV. Quartal 2012. Hierzu kann ich nur kommentieren "ist zwar ärgerlich, aber nicht auszuschließen". :crazy:

Den Flashplayer nehme ich als nächstes Objekt in Angriff und besonderer Berücksichtigung des Downloadlinks
FilePony.de, den ich mir jetzt auch als Lesezeichen eingestellt habe. Bei der Installation gab es allerdings
gleich einen Dämpfer. "Fehler bei der Installation" hieß der Hinweis von Adobe.
Sie versuchen eine Version von AdobeFlashPlayer zu installieren, die nicht die aktuellste Version ist.
Besuchen Sie das PlayerDownloadCenter, um die neueste und sicherste Version zu erhalten. Hier kommt dann
wieder Deine These zum Tragen: "Nur von Herstellerseiten -wenn erreichbar- Programme downloaden". :stirn:

Gleiches gilt für Java und die Browser.

Alles in Allem wird es sicher noch ein wenig dauern, bis ich alles 100 %ig eingerichtet habe. Die große Kunst
wird es dann sein, alles beizubehalten.

Vielen Dank noch einmal und alles Gute für die Zukunft. :knuddel:

wolfk

cosinus 23.01.2013 13:14
Hm, also sind da nicht die aktuellen Versionen gerade bei filepony?
Überleg aber mal vorher ob du Java wirklich brauchst. Wenn ja, dann installier es und über die Pluginverwaltung vom Firefox das Java-Plugin deaktivieren, nur wenn es wirklich benötigt werden sollte, also nur im Bedarf, reaktivieren und anschließend wieder deaktivieren wenn es nicht mehr benötigt wird.

Dann nimm für Java und den Flashplayer diese Links:

Java Runtime Environment: Java SE Downloads
Flashplayer: Adobe Flash Player Distribution | Adobe

wolfk 23.01.2013 22:21
Hallo Cosinus,

Java war erforderlich geworden durch die Nutzung von LibreOffice (OpenOffice). Ich habe Java
installiert und über die Pluginverwaltung des Firefox das Java-Plugin wieder deaktiviert. So
kann ich im Bedarfsfall Java reaktivieren und anschließend wieder deaktivieren wenn es nicht
mehr benötigt wird. Ein sehr guter Vorschlag.

Für Java und den Flashplayer habe ich diese Links genommen.
Java Runtime Environment: Java SE Downloads
Flashplayer: Adobe Flash Player Distribution | Adobe

Vielen Dank für die weitere Unterstützung.

wolfk

cosinus 24.01.2013 00:28
Zitat:
Vielen Dank für die weitere Unterstützung
Wir waren eigentlich durch, wobei genau brauchst du noch Unterstützung?

wolfk 25.01.2013 00:40
Hallo Cosinus,

das Wort "Unterstützung" hatte hier lediglich rhetorischen Charakter. Wir sind wie Du so schön sagtest "durch".

Ich werde dann auf jeden Fall noch einen Abschlußbericht abgeben.

Vielleicht eine kleine Schwierigkeit am Rande. Ich bekomme das Update zu Microsoft
Net.Framework 1.1 Servicepack 1 nicht installiert, obwohl die Version 1.1 SP1 bereits
installiert sein soll. In der Übersicht der installierten Programme ist zwar die Version 1.1
aufgeführt, aber nicht mit dem Zusatz SP1. In einer Anfrage an Microsoft heißt es im
Netz, daß die Version 1.1 incl. der Sprachdatei gelöscht werden kann, da in der Regel die
aktuellste Version ausreichend ist (Usermeinung). Welchen Weg kann ich begehen?

Herzliche Grüße

wolfk

cosinus 25.01.2013 12:14
Das Thema, dass Updates nicht installiert werden können ist schon eine Welt für sich, ich würde dich daher lieber bitten dafür einen eigenen Strang im Windows-Bereich hier zu eröffnen. Danke.

wolfk 25.01.2013 20:01
Hallo Cosinus,

vielen Dank für Deine Antwort. Ich werde mich kundig machen und im Windows-Bereich einen eigenen Strang eröffnen.

Herzliche Grüße

wolfk

wolfk 30.01.2013 23:40
Hallo Cosinus,

wie angekündigt, hier nun ein letzter Bericht.

Alle Programme, die hier zum Einsatz kamen und auf dem Deskttop gespeichert waren, konnten problemlos
entfertwerden. Lediglich "Malwarebytes" habe ich behalten. Damit werde ich einmal monatlich einen
Vollscan nach vorherigem Updates des Programmes durchführen.

Den "SoftwareInformer" habe ich gegen "Secunia PSI" getauscht und damit die Update-Quote auf 91 %
anheben können. Die restlichen Programme verdienen auf jeden Fall eine Sonderbehandlung. Wie ich hier
vorgehen werde, muß ich im Einzelnen noch einmal überlegen. Auf jeden Fall sind alle wichtigen Progamme
"up to Date" und damit ist eine Angriffszone weniger vorhanden.

Die MicrosoftUpdates sind neu justiert, d. h. hier wurde die Uhrzeit korrigiert. Künftig sollte es
auch hier weniger Nachholbedarf geben bzw. sollten weniger Rückstände entstehen.

Das Programm "RoboForm" habe ich mir zur Vereinfachung der Paßwortbehandlung und damit zur Erhöhung der
Paßwortsicherheit zugelegt. Nach und nach will ich jetzt alle Paßworte ändern.

Alternativ zum "Adobe PDF-Reader" wurde der "Foxit PDF Reader" installiert.

Der "Adobe Flashplayer", "Java" und beide Browser (IE und FF) entsprechen dem neuesten Stand.

Das ".NET Framework"-Updateproblem konnte Dank der tatkräftigen Hilfe von Shadow ausgeräumt werden.

Es hat etwas gedauert, aber letztlich kommt man doch einmal zum Schluß. Die wenigen Handgriffe, die jetzt
noch zu tun sind, sind nicht mehr der Rede wert.

Herzlichen Dank noch einmal für Alles.

wolfk

cosinus 31.01.2013 11:25
Zitat:
Herzlichen Dank noch einmal für Alles.
Keine Ursache, schön dass man helfen konnte :) :abklatsch:


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19